RE: PC Bracket/holder

2010-06-25 Thread David W. McSpadden
Besides the VCR/DVR brackets we have also used HDTV mounts to get them on
retractable brackets to get in and out of the way.

 

 

  _  

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]

Sent: Thursday, June 24, 2010 8:33 PM
To: NT System Admin Issues
Subject: RE: PC Bracket/holder

 

There are brackets for both the SFF and USFF.  I have not seen Dell branded
brackets for their larger machines.  Because of the number of models some of
them are actually 3rd party brackets instead of Dell branded versions.  Your
sales rep can find them for you.  If not send me an email with your service
tag and I will get you a part number.


Greg

 

From: Jon Harris [mailto:jk.har...@gmail.com] 
Sent: Thursday, June 24, 2010 6:55 PM
To: NT System Admin Issues
Subject: Re: PC Bracket/holder

 

If they are Dell's they sell some mounting brackets but I would think they
only fit certain size of SFF machines.

 

Jon

On Thu, Jun 24, 2010 at 2:53 PM, James Kerr  wrote:

Yeah I did, no luck with them.

- Original Message - 

From: Daniel   Rodriguez 

To: NT System Admin Issues   

Sent: Thursday, June 24, 2010 2:30 PM

Subject: Re: PC Bracket/holder

 

Have you checked out BlackBox? They usually have stuff like that.

On Thu, Jun 24, 2010 at 2:06 PM, James Kerr  wrote:

Heh guys, I'm looking to be able to mount some small form factor PCs to the
side of desks, so I guess I'm looking for a kinda J shaped bracket to mount
to the desk then place the PC on its side on the bracket. I know I've seen
them around at hospitals and such but I'm having trouble finding one. Anyone
use anything like that on this list that could help out?

 

James

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: PC Bracket/holder

2010-06-24 Thread David W. McSpadden
My maintenance guys found that vcr/dvr brackets work wonders on sff cpu's.

 

 

  _  

From: James Kerr [mailto:cluster...@gmail.com] 
Sent: Thursday, June 24, 2010 2:07 PM
To: NT System Admin Issues
Subject: PC Bracket/holder

 

Heh guys, I'm looking to be able to mount some small form factor PCs to the
side of desks, so I guess I'm looking for a kinda J shaped bracket to mount
to the desk then place the PC on its side on the bracket. I know I've seen
them around at hospitals and such but I'm having trouble finding one. Anyone
use anything like that on this list that could help out?

 

James

RE: NTBackup scripting

2010-06-17 Thread David W. McSpadden
Ignore the %dtt it is a variable I am using from above.

 

 

C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and
Settings\Administrator\Local Settings\Application Data\Microsoft\Windows
NT\NTBackup\data\test.bks" /n "%computername%-%dtt%" /d "Daily %dtt%" /v:no
/r:no /rs:yes /hc:on /m normal /j "test" /l:f /f
"E:\Files\backup\backup.bkf"

 

Where test.bks is:

JET 03030611N4M055\Microsoft Information Store\First Storage Group\

SystemState

 

  _  

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Wednesday, June 16, 2010 8:24 PM
To: NT System Admin Issues
Subject: NTBackup scripting

 

Anyone know if it's possible to script ntbackup to dump an exchange 2003
storage group w/o a bks file like you can if specifying a directory, or
drive etc?

 

Thanks!
jlc

RE: Added SMTP address to Exchange and I am getting an error trying to send

2010-06-11 Thread David W. McSpadden
Yes, perfectly correct.

 

  _  

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Friday, June 11, 2010 10:17 AM
To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

Is my analysis of your current setup correct?  Multiple addresses on the
same AD account?

On Fri, Jun 11, 2010 at 10:13 AM, David W. McSpadden 
wrote:

I want to be able to choose.

In this case it is the Insurance department.

They have two viable addresses:

joe.u...@imcu.com

And 

joe.u...@indianamembersinsurance.com

If Joe User is talking to an insurance claimant they want to send and
receive as the insurance account

If they are just talking with us they want to use the imcu account.

 

Does that make sense?

 

Also, I have 2 more departments that I am going to swing over to my exchange
in the next couple of weeks.

Some of my users will end up with as many as 4 smtp accounts because of
their jobs.

 

Thanks

 

  _  

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Friday, June 11, 2010 10:04 AM


To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

I think I get it now.  You added a second SMTP address to your account, and
now you want that to show as the sender?

 

Primary SMTP address = fred.flintst...@bedrock.com

Secondary SMTP address = mr.sl...@bedrock.com

 

And you want the mail to go out as Mr. Slate?

On Fri, Jun 11, 2010 at 9:59 AM, David W. McSpadden  wrote:

I think you have it but if I pick from the GAL won't that use my default
SMTP??

 

  _  

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Friday, June 11, 2010 9:57 AM


To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

If this is indeed your problem, you have to enable "Advanced Features" from
the View menu in ADUC.  Once that's done you can see the Security tab on the
properties of the user object in question which is where you set the proper
permission.

 

I have to say, however, that I'm not convinced this will solve your problem.
Are you trying to send as yourself?  In other words, as the same user you're
logged in as?  If so, pick your account out of the GAL instead of typing in
the SMTP address you created and see if that works.

 

I can think of some other possible issues as well, but if this is an
Exchange account in Outlook I'd try this first.

On Fri, Jun 11, 2010 at 9:40 AM, David W. McSpadden  wrote:

I read that in a KB but I am unclear as to where that is?

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, June 11, 2010 9:35 AM
To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

grant the SendAs permission by right-clicking on your Exchange mailbox and
choosing Manage SendAs permission

On 11 June 2010 14:28, David McSpadden  wrote:

I added the following address:

dav...@indianamembersinsurance.com

to my User account in AD.

I try to send using the FROM: button in Outlook and it keeps telling me I
don't have permission.  I don't understand why this is an issue?

Is it a Recipient Policy in Exchange 2003 that I have missed??

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

RE: Added SMTP address to Exchange and I am getting an error trying to send

2010-06-11 Thread David W. McSpadden
I want to be able to choose.

In this case it is the Insurance department.

They have two viable addresses:

joe.u...@imcu.com

And 

joe.u...@indianamembersinsurance.com

If Joe User is talking to an insurance claimant they want to send and
receive as the insurance account

If they are just talking with us they want to use the imcu account.

 

Does that make sense?

 

Also, I have 2 more departments that I am going to swing over to my exchange
in the next couple of weeks.

Some of my users will end up with as many as 4 smtp accounts because of
their jobs.

 

Thanks

 

  _  

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Friday, June 11, 2010 10:04 AM
To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

I think I get it now.  You added a second SMTP address to your account, and
now you want that to show as the sender?

 

Primary SMTP address = fred.flintst...@bedrock.com

Secondary SMTP address = mr.sl...@bedrock.com

 

And you want the mail to go out as Mr. Slate?

On Fri, Jun 11, 2010 at 9:59 AM, David W. McSpadden  wrote:

I think you have it but if I pick from the GAL won't that use my default
SMTP??

 

  _  

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Friday, June 11, 2010 9:57 AM


To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

If this is indeed your problem, you have to enable "Advanced Features" from
the View menu in ADUC.  Once that's done you can see the Security tab on the
properties of the user object in question which is where you set the proper
permission.

 

I have to say, however, that I'm not convinced this will solve your problem.
Are you trying to send as yourself?  In other words, as the same user you're
logged in as?  If so, pick your account out of the GAL instead of typing in
the SMTP address you created and see if that works.

 

I can think of some other possible issues as well, but if this is an
Exchange account in Outlook I'd try this first.

On Fri, Jun 11, 2010 at 9:40 AM, David W. McSpadden  wrote:

I read that in a KB but I am unclear as to where that is?

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, June 11, 2010 9:35 AM
To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

grant the SendAs permission by right-clicking on your Exchange mailbox and
choosing Manage SendAs permission

On 11 June 2010 14:28, David McSpadden  wrote:

I added the following address:

dav...@indianamembersinsurance.com

to my User account in AD.

I try to send using the FROM: button in Outlook and it keeps telling me I
don't have permission.  I don't understand why this is an issue?

Is it a Recipient Policy in Exchange 2003 that I have missed??

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

RE: Added SMTP address to Exchange and I am getting an error trying to send

2010-06-11 Thread David W. McSpadden
I think you have it but if I pick from the GAL won't that use my default
SMTP??

 

  _  

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Friday, June 11, 2010 9:57 AM
To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

If this is indeed your problem, you have to enable "Advanced Features" from
the View menu in ADUC.  Once that's done you can see the Security tab on the
properties of the user object in question which is where you set the proper
permission.

 

I have to say, however, that I'm not convinced this will solve your problem.
Are you trying to send as yourself?  In other words, as the same user you're
logged in as?  If so, pick your account out of the GAL instead of typing in
the SMTP address you created and see if that works.

 

I can think of some other possible issues as well, but if this is an
Exchange account in Outlook I'd try this first.

On Fri, Jun 11, 2010 at 9:40 AM, David W. McSpadden  wrote:

I read that in a KB but I am unclear as to where that is?

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, June 11, 2010 9:35 AM
To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

grant the SendAs permission by right-clicking on your Exchange mailbox and
choosing Manage SendAs permission

On 11 June 2010 14:28, David McSpadden  wrote:

I added the following address:

dav...@indianamembersinsurance.com

to my User account in AD.

I try to send using the FROM: button in Outlook and it keeps telling me I
don't have permission.  I don't understand why this is an issue?

Is it a Recipient Policy in Exchange 2003 that I have missed??

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

RE: Added SMTP address to Exchange and I am getting an error trying to send

2010-06-11 Thread David W. McSpadden
I read that in a KB but I am unclear as to where that is?



 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, June 11, 2010 9:35 AM
To: NT System Admin Issues
Subject: Re: Added SMTP address to Exchange and I am getting an error trying
to send

 

grant the SendAs permission by right-clicking on your Exchange mailbox and
choosing Manage SendAs permission

On 11 June 2010 14:28, David McSpadden  wrote:

I added the following address:

dav...@indianamembersinsurance.com

to my User account in AD.

I try to send using the FROM: button in Outlook and it keeps telling me I
don't have permission.  I don't understand why this is an issue?

Is it a Recipient Policy in Exchange 2003 that I have missed??

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

RE: DNS settings tool

2010-06-11 Thread David W. McSpadden
Ahh
Thanx again.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, June 11, 2010 8:36 AM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Fri, Jun 11, 2010 at 7:48 AM, David W. McSpadden  wrote:
> IndianaMembersInsurance.COM was messed up by the ISP making
> Mail.IndianaMembersInsurance.com into
> Mail.IndianaMembersInsurance.IndianaMembersInsurance.com.

  I think I mentioned recently that in names like
, the trailing dot is significant.
Now you know why.  The trailing dot represents the root zone, and
tells DNS software the name is fully qualified.  Without a trailing
dot, DNS software generally assumes it has to append the current zone
origin on to a name.

  So when someone enters  into your
zone file, the origin (your second-level domain) gets appended,
yielding .
 We humans can look at that and see it's stupid, but the computer
doesn't know that.

  When working with DNS issues, it's a good idea to get in the habit
of specifying FQDNs with the trailing dot all the time.

-- Ben
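
The zone-origin rule described in the message above, as an added example that is not part of the original thread: a small linter that expands names the way a zone-file parser does and flags relative names that already end in the origin, which is the missing-trailing-dot mistake. The zone text, the example.com names and the function names are constructed for illustration; the parser assumes a simplified layout with one record per line and an explicit owner name.

```python
"""Flag zone-file names that will get the origin appended a second time."""

# Record types whose RDATA carries a domain name, and which RDATA field holds it.
NAME_RDATA_FIELD = {"CNAME": 0, "NS": 0, "PTR": 0, "MX": 1}

# Constructed sample zone: lines 3 and 4 are missing the trailing dot.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@                 IN NS    ns1.example.net.
@                 IN MX 10 mail.example.com
mail.example.com  IN A     192.0.2.25
www               IN A     192.0.2.80
ftp               IN CNAME www
"""


def qualify(name: str, origin: str) -> str:
    """Expand a zone-file name to an FQDN the way DNS software does."""
    if not origin.endswith("."):
        raise ValueError("origin must itself be fully qualified")
    if name == "@":                        # '@' is shorthand for the origin
        return origin.lower()
    if name.endswith("."):                 # trailing dot: already absolute
        return name.lower()
    return f"{name}.{origin}".lower()      # relative: the origin is appended


def missing_dot_suspect(name: str, origin: str) -> bool:
    """True for a relative name that already ends with the origin's labels."""
    if name == "@" or name.endswith("."):
        return False
    bare_origin = origin.rstrip(".").lower()
    lowered = name.lower()
    return lowered == bare_origin or lowered.endswith("." + bare_origin)


def lint_zone(text: str, origin: str):
    """Return (line, field, written, expands_to) for every suspect name."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()            # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            if len(fields) > 1:
                origin = fields[1]                     # origin changes mid-file
            continue
        upper = [f.upper() for f in fields]
        if "IN" not in upper:
            continue                                   # layout this sketch does not handle
        class_at = upper.index("IN")
        if class_at == 0 or class_at + 1 >= len(fields):
            continue                                   # no explicit owner or no type
        owner, rtype = fields[0], upper[class_at + 1]
        rdata = fields[class_at + 2:]
        if missing_dot_suspect(owner, origin):
            findings.append((lineno, "owner", owner, qualify(owner, origin)))
        idx = NAME_RDATA_FIELD.get(rtype)
        if idx is not None and idx < len(rdata):
            target = rdata[idx]
            if missing_dot_suspect(target, origin):
                findings.append((lineno, "rdata", target, qualify(target, origin)))
    return findings


if __name__ == "__main__":
    for lineno, field, written, expanded in lint_zone(SAMPLE_ZONE, "example.com."):
        print(f"line {lineno}: {field} '{written}' expands to '{expanded}'")
```
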



RE: DNS settings tool

2010-06-11 Thread David W. McSpadden
Thanks. I will change up the batch file for the dig.
Understood about the PTR.
IMCU.ORG ended up being completely fine but 
IndianaMembersInsurance.COM was messed up by the ISP making 
Mail.IndianaMembersInsurance.com into
Mail.IndianaMembersInsurance.IndianaMembersInsurance.com.
Made for a long day of testing
Thanks again.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, June 10, 2010 8:04 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Thu, Jun 10, 2010 at 9:44 AM, David W. McSpadden  wrote:
> I have created a batch file and copied the output below it.

  A... there's better ways to do what I think you're trying to do.

dig +noall +ques +ans ANY imcu.org. www.imcu.org. ftp.imcu.org.
mail.imcu.org. webmail.imcu.org. pop.imcu.org. smtp.imcu.org.
mx.imcu.org. mx1.imcu.org. board.imcu.org. @pdns1.ultradns.net.

  The "+noall" option shuts off all output that you don't explicitly
turn on.  Then we say we're only interested in the question
(query/request) and answer sections.  (Note that hiding so much
information can sometimes be misleading, but it's good if you just
want to know what records exist and don't care about how/why they
don't.)

  What I see is that some of the names you're asking about exist, and
some do not.  Subdomains for , , and  all exist under
.  The rest do not exist.  Also, all I see are NS and A
records.  No MX records, no TXT records.

> I don't think my ISP set the PTR records?

  One thing to understand is that DNS records are basically all
independent of each other.  So the lack of PTR records won't keep you
from getting other records (assuming those other records exist).  In
other words, lack of PTR records isn't causing  to
not work.  :)

  Another thing is that PTR records don't come from forward lookup
zones like .  PTR records come from reverse lookup zones,
which will be "owned" by your network connectivity provider.  That's
usually not your domain registrar, web host, etc.

  DNS has to play some tricks on you to make reverse lookup work.
When you ask DNS "What name is associated with 206.18.123.221?", the
resolver library turns that into a query for PTR records with the
domain name <221.123.18.206.in-addr.arpa.>.  The order of the IP
address octets is reversed because DNS puts the most significant
labels to the right.

  You can tell DIG to build that kind of query for you with the -x switch:

dig -x 206.18.123.221

  That gives me a PTR record with RHS (right hand side) of
<03030611n4m055.imcu.local.>.  That's not a valid domain name for the
public Internet, so you've got something wrong there, too.  But it's
unrelated to the problems with the forward lookups.

On Thu, Jun 10, 2010 at 9:48 AM, David W. McSpadden  wrote:
> If I asked them to make these changes:
[table cut]
> I should see:
[output cut]

  The TXT and MX records look good, as far as DNS goes.  (Meaning: I
can't tell you if you have the right IP address, and I don't know
enough about your mail infrastructure to tell you what your SPF
records should say.)

  You're requesting an "Add" for an A record for the 
domain name.  That domain already has an A record, at the IP address
you give.  DNS generally allows multiple resource records for any
given domain, so you can easily create duplicates if your ISP isn't
checking your requests.  While a duplicate A record prolly isn't going
to hurt anything, I wouldn't recommend it.

  The request for a PTR record is all wrong.  :)
<221.123.18.206.in-addr.arpa.> is the domain (left hand side);
 is the RHS; and it has to go to a different service
provider.

-- Ben
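
The reverse-lookup points in the message above, as an added example that is not part of the original thread: it builds the in-addr.arpa owner name for an IPv4 address and checks a PTR record request for the mistakes discussed (owner and target swapped, target not usable on the public Internet). The function names, problem codes and the mail.example.org name are constructed for illustration; the IP address and the .local name are the ones quoted in the message.

```python
"""Build reverse-lookup names and sanity-check a PTR record request."""
import ipaddress

# Special-use TLDs that never resolve on the public Internet (RFC 6761, RFC 6762).
SPECIAL_USE_TLDS = {"local", "localhost", "invalid", "test", "example"}


def reverse_name(ip: str) -> str:
    """Return the fully qualified PTR owner name for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)            # raises ValueError on bad input
    octets = str(addr).split(".")
    # DNS puts the most significant label on the right, so the octets reverse.
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def check_ptr_request(owner: str, target: str, ip: str):
    """Return a list of problem codes for a requested PTR record.

    owner  -- left-hand side of the record (should be the in-addr.arpa name)
    target -- right-hand side (should be a public, fully qualified host name)
    ip     -- the address the record is meant to describe
    """
    problems = []
    if owner.lower() != reverse_name(ip):
        problems.append("owner-mismatch")
    lowered = target.lower()
    if not lowered.endswith("."):
        problems.append("target-not-fqdn")
    bare = lowered.rstrip(".")
    if bare.endswith("in-addr.arpa"):
        problems.append("target-is-reverse-name")   # LHS and RHS were swapped
    elif bare.split(".")[-1] in SPECIAL_USE_TLDS:
        problems.append("target-not-public")        # e.g. an internal AD name
    return problems


if __name__ == "__main__":
    ip = "206.18.123.221"
    print(reverse_name(ip))
    cases = [
        (reverse_name(ip), "mail.example.org."),            # well formed
        ("mail.example.org.", reverse_name(ip)),            # sides swapped
        (reverse_name(ip), "03030611n4m055.imcu.local."),   # internal name
    ]
    for owner, target in cases:
        print(owner, "PTR", target, "->", check_ptr_request(owner, target, ip) or "ok")
```
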



RE: More pain on the Windows front, possible 0 day

2010-06-10 Thread David W. McSpadden
Drive-by DNS poisoning.  Think you are going to google.com and end up at
fu.google.com.  Get the bad code embedded on your machine, redirect to
google.com.  Nanoseconds and flicker to the user.

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Thursday, June 10, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day

But, again, they'd have to browse a site with that exploit, which would mean
clicking a link within an e-mail, or just dumb luck...

>>> "David W. McSpadden"  6/10/2010 7:20 AM >>>
Other way around.

Your users have the opening on their pc.

They browse a site with the hcp:// embedded and then the embedded code can run
with their permissions on their pc.  So they could in fact install something
or copy something to their machine with the hcp:// exploit.

That's how I read it anyways.

 

  _  

From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, June 10, 2010 10:09 AM
To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day

 

So I'm not clear... if someone clicks on "Help and Support" in 2003 / XP it's
possible for them to get exploited because they might look for something and
get redirected to a compromised site? I'm not clear... what would my users have
to go to get exploited?

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, June 10, 2010 6:46 AM
To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day

 

What I am thinking if we don't have the spot in the registry, then maybe
configuring your web filtering, to block all URL's  or sequences that are
calling HCP://

 

Per the seclist.org site the rogue html file had the following in it: 

$ cat starthelp.html 



 

But this was shown accordingly;

Few users rely on Help Centre urls, it is safe to temporarily disable them
by removing HKCR\HCP\shell\open. This modification can be deployed easily
using
GPOs. For more information on Group Policy, see Microsoft's Group Policy
site,
here
 
This is the exported registry per my XP SP3 system. 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\HCP]
@="Help Center Pluggable Protocol"
"URL Protocol"=""
"EditFlags"=dword:0002
"FriendlyTypeName"="@C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,
-2100"
 
[HKEY_CLASSES_ROOT\HCP\shell]
 
[HKEY_CLASSES_ROOT\HCP\shell\open]
 
[HKEY_CLASSES_ROOT\HCP\shell\open\command]
@="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\" -FromHCP -url
\"%1\""
 
Then you can save this .reg file for restoration procedures if needed.

Then following the directions in http://support.microsoft.com/kb/310516
 
Basically I believe it would look like the following for 
 
HCPfix.reg
 
[-HKEY_CLASSES_ROOT\HCP]
@="Help Center Pluggable Protocol"
"URL Protocol"=""
"EditFlags"=dword:0002
"FriendlyTypeName"="@C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,
-2100"
 
[-HKEY_CLASSES_ROOT\HCP\shell]
 
[-HKEY_CLASSES_ROOT\HCP\shell\open]
 
[-HKEY_CLASSES_ROOT\HCP\shell\open\command]
@="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\" -FromHCP -url
\"%1\""
 
Then do a test deploy with Startup GPO with the following as the script. 
HCPfix.cmd

regedit.exe /s HCPFIX.reg

 
 
 
http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx 

 

 

I haven't tried it, since I have HIPS at the workstation as a mitigation
control, but for those who don't this might just be the workaround you are
going to need before M$ puts out an OOB patch, if they are going to.
Depends on how many PCs you have at risk, how many privileges your users
have and how much of a threat you believe them to be at against this exploit
from the internet.

 

Sincerely,

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org 

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 9:14 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I think it is just for XP/2003, and it is the MS Help Center stuff

It actually doesn't work properly on 2008, as far as I can tell - I was
looking a bit too deep

On 10 June 2010 14:08, David W. McSpadden  wrote:

I don't have it as well but I am win7pro and I didn't install the HP help
center software??

Maybe??

 

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 8:38 AM


To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

RE: More pain on the Windows front, possible 0 day

2010-06-10 Thread David W. McSpadden
Other way around.

Your users have the opening on their pc.

They browse a site with the hcp:// embedded and then the embedded code can run
with their permissions on their pc.  So they could in fact install something
or copy something to their machine with the hcp:// exploit.

That's how I read it anyways.

 

  _  

From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, June 10, 2010 10:09 AM
To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day

 

So I'm not clear... if someone clicks on "Help and Support" in 2003 / XP it's
possible for them to get exploited because they might look for something and
get redirected to a compromised site? I'm not clear... what would my users have
to go to get exploited?

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, June 10, 2010 6:46 AM
To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day

 

What I am thinking if we don't have the spot in the registry, then maybe
configuring your web filtering, to block all URL's  or sequences that are
calling HCP://

 

Per the seclist.org site the rogue html file had the following in it: 

$ cat starthelp.html 



 

But this was shown accordingly;

Few users rely on Help Centre urls, it is safe to temporarily disable them
by removing HKCR\HCP\shell\open. This modification can be deployed easily
using
GPOs. For more information on Group Policy, see Microsoft's Group Policy
site,
here
 
This is the exported registry per my XP SP3 system. 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\HCP]
@="Help Center Pluggable Protocol"
"URL Protocol"=""
"EditFlags"=dword:0002
"FriendlyTypeName"="@C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,
-2100"
 
[HKEY_CLASSES_ROOT\HCP\shell]
 
[HKEY_CLASSES_ROOT\HCP\shell\open]
 
[HKEY_CLASSES_ROOT\HCP\shell\open\command]
@="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\" -FromHCP -url
\"%1\""
 
Then you can save this .reg file for restoration procedures if needed.

Then following the directions in http://support.microsoft.com/kb/310516
 
Basically I believe it would look like the following for 
 
HCPfix.reg
 
[-HKEY_CLASSES_ROOT\HCP]
@="Help Center Pluggable Protocol"
"URL Protocol"=""
"EditFlags"=dword:0002
"FriendlyTypeName"="@C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,
-2100"
 
[-HKEY_CLASSES_ROOT\HCP\shell]
 
[-HKEY_CLASSES_ROOT\HCP\shell\open]
 
[-HKEY_CLASSES_ROOT\HCP\shell\open\command]
@="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\" -FromHCP -url
\"%1\""
 
Then do a test deploy with Startup GPO with the following as the script. 
HCPfix.cmd

regedit.exe /s HCPFIX.reg

 
 
 
http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx

 

 

I haven't tried it, since I have HIPS at the workstation as a mitigation
control, but for those who don't this might just be the workaround you are
going to need before M$ puts out an OOB patch, if they are going to.
Depends on how many PCs you have at risk, how many privileges your users
have and how much of a threat you believe them to be at against this exploit
from the internet.

 

Sincerely,

EZ

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 9:14 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I think it is just for XP/2003, and it is the MS Help Center stuff

It actually doesn't work properly on 2008, as far as I can tell - I was
looking a bit too deep

On 10 June 2010 14:08, David W. McSpadden  wrote:

I don't have it as well but I am win7pro and I didn't install the HP help
center software??

Maybe??

 

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 8:38 AM


To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I can't find the protocol handler anywhere in HKCR?

On 10 June 2010 13:31, Joe Tinney  wrote:

The article Susan linked had a mitigations section. The one I am most
interested in was the temporary disabling of the hcp protocol handler in the
registry.

 

http://lock.cmpxchg8b.com/b10a58b75029f79b5f93f4add3ddf992/ADVISORY

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, June 10, 2010 7:23 AM


To: NT System Admin Issues

Subject: RE: More pain on the Windows front, possible 0 day

 

My initial thought would be HIPS to block the helpctr from even being called,
either that or stopping the help and support cente

RE: More pain on the Windows front, possible 0 day

2010-06-10 Thread David W. McSpadden
Ok that's what I read but I wanted to be sure.

I don't even have the binaries directory so I am good.

 

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 9:14 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I think it is just for XP/2003, and it is the MS Help Center stuff

It actually doesn't work properly on 2008, as far as I can tell - I was
looking a bit too deep

On 10 June 2010 14:08, David W. McSpadden  wrote:

I don't have it as well but I am win7pro and I didn't install the HP help
center software??

Maybe??

 

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 8:38 AM


To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I can't find the protocol handler anywhere in HKCR?

On 10 June 2010 13:31, Joe Tinney  wrote:

The article Susan linked had a mitigations section. The one I am most
interested in was the temporary disabling of the hcp protocol handler in the
registry.

 

http://lock.cmpxchg8b.com/b10a58b75029f79b5f93f4add3ddf992/ADVISORY

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, June 10, 2010 7:23 AM


To: NT System Admin Issues

Subject: RE: More pain on the Windows front, possible 0 day

 

My initial thought would be HIPS to block the helpctr from even being called,
either that or stopping the help and support center service, and ACLing the
helpctr.exe. But still waiting to see what comes up on the Security lists
from Microsoft that Susan Bradley myself and others are on, for additional
mitigation aspects. 

 

It is a unique exploit since it combines XSS with a hex obfuscation to
bypass windows system controls. 

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 7:16 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

Saw this earlier on Patch Management...any word yet on workaround/mitigation
to keep us sane until the inevitable OOB patch comes around?

On 10 June 2010 12:00, Ziots, Edward  wrote:

http://www.theregister.co.uk/2010/06/10/windows_help_bug/
http://seclists.org/fulldisclosure/2010/Jun/205

Looks like a combination of XSS, and invoking the hcp protocol for help and
support center to execute commands in the context of the logged on user.

PS: Mad Props to Susan Bradley on the Patch Management list for putting this
out

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org






-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

 

 

 

 

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

 

 

 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: DNS settings tool

2010-06-10 Thread David W. McSpadden
I have created a batch file and copied the output below it.  I don't think
my ISP set the PTR records?

Should I see them using DIG site any???

 

echo on
c:
cd tmp\dig
del %1.txt /q
del dig.%1.txt /q
:root
dig %1 any>%1.txt
copy %1.txt dig.%1.txt
:www
dig www.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:ftp
dig ftp.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:mail
dig mail.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:webmail
dig webmail.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:pop
dig pop.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:smtp
dig smtp.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:mx
dig mx.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:mx1
dig mx1.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
:board
dig board.%1 any>%1.txt
copy dig.%1.txt+%1.txt dig.%1.txt
findstr /B/V/C:";;" dig.%1.txt>digout.%1.txt

notepad digout.%1.txt

pause
del %1.txt /q
del dig.%1.txt /q

With this being the output:

 

; <<>> DiG 9.2.3 <<>> imcu.org any

;imcu.org.                      IN      ANY

imcu.org.               83270   IN      A       12.145.177.146
imcu.org.               83270   IN      NS      pdns6.ultradns.co.uk.
imcu.org.               83270   IN      NS      pdns5.ultradns.info.
imcu.org.               83270   IN      NS      pdns4.ultradns.org.
imcu.org.               83270   IN      NS      pdns3.ultradns.org.
imcu.org.               83270   IN      NS      pdns2.ultradns.net.
imcu.org.               83270   IN      NS      pdns1.ultradns.net.
imcu.org.               83270   IN      SOA     pdns1.ultradns.net. bill\.krause.fiserv.com. 2010060902 10800 3600 2592000 86400
imcu.org.               83270   IN      MX      5 mx1.imcu.org.
imcu.org.               83270   IN      TXT     "V=SPF1 ip4:206.18.123.221 ~all"

pdns6.ultradns.co.uk.   83138   IN      A       204.74.115.1
pdns5.ultradns.info.    83257   IN      A       204.74.114.1
pdns4.ultradns.org.     48073   IN      A       199.7.69.1
pdns3.ultradns.org.     48073   IN      A       199.7.68.1
pdns2.ultradns.net.     37119   IN      A       204.74.109.1
pdns1.ultradns.net.     36190   IN      A       204.74.108.1
mx1.imcu.org.           85131   IN      A       206.18.123.221


; <<>> DiG 9.2.3 <<>> www.imcu.org any

;www.imcu.org.                  IN      ANY

www.imcu.org.           83498   IN      A       12.145.177.146


; <<>> DiG 9.2.3 <<>> ftp.imcu.org any

;ftp.imcu.org.                  IN      ANY

imcu.org.               83270   IN      SOA     pdns1.ultradns.net. bill\.krause.fiserv.com. 2010060902 10800 3600 2592000 793


; <<>> DiG 9.2.3 <<>> mail.imcu.org any

;mail.imcu.org.                 IN      ANY

mail.imcu.org.          83463   IN      A       206.18.123.221


; <<>> DiG 9.2.3 <<>> webmail.imcu.org any

;webmail.imcu.org.              IN      ANY

imcu.org.               83270   IN      SOA     pdns1.ultradns.net. bill\.krause.fiserv.com. 2010060902 10800 3600 2592000 793


; <<>> DiG 9.2.3 <<>> pop.imcu.org any

;pop.imcu.org.                  IN      ANY

imcu.org.               83270   IN      SOA     pdns1.ultradns.net. bill\.krause.fiserv.com. 2010060902 10800 3600 2592000 793


; <<>> DiG 9.2.3 <<>> smtp.imcu.org any

;smtp.imcu.org.                 IN      ANY

imcu.org.               83270   IN      SOA     pdns1.ultradns.net. bill\.krause.fiserv.com. 2010060902 10800 3600 2592000 794


; <<>> DiG 9.2.3 <<>> mx.imcu.org any

;mx.imcu.org.                   IN      ANY

imcu.org.               83270   IN      SOA     pdns1.ultradns.net. bill\.krause.fiserv.com. 2010060902 10800 3600 2592000 794


; <<>> DiG 9.2.3 <<>> mx1.imcu.org any

;mx1.imcu.org.                  IN      ANY

mx1.imcu.org.           85131   IN      A       206.18.123.221


; <<>> DiG 9.2.3 <<>> board.imcu.org any

;board.imcu.org.                IN      ANY

imcu.org.               83270   IN      SOA     pdns1.ultradns.net. bill\.krause.fiserv.com. 2010060902 10800 3600 2592000 794

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 4:41 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

 

On Wed, Jun 9, 2010 at 2:49 PM, David W. McSpadden  wrote:

> Not so much over my head and a little foggy about the details.

 

  If you're going to be doing anything serious with DNS (and it sounds

like you are), I highly recommend the book /DNS and BIND/ from

O'Reilly.  While the content on BIND will be mostly irrelevant to you,

the stuff on theory, diagnostics, and tools will be invaluable.

 

  http://oreilly.com/catalog/9780596100575

 

  Or... there's also /DNS on Windows Server/, which is supposed to be

a more Microsoft-OS-oriented book.  It shares several of the same

authors, so I expect it could well be a better match.  I've just 
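
The MX, A, PTR and SPF checks asked about in this thread can be cross-checked from saved dig output. The following is an added example, not code from the thread: it parses answer lines, lists each MX host with its address, and derives the in-addr.arpa name that has to be queried separately (for instance with `dig -x <ip>`), because PTR records live in the reverse zone and do not appear in a forward `any` lookup. The sample records, domain names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like the dig output above after findstr has
# stripped the ";;" comment lines; names and addresses are documentation values.
SAMPLE = """\
;example.org.            IN ANY
example.org.      3600 IN A   192.0.2.10
example.org.      3600 IN MX  5 mx1.example.org.
example.org.      3600 IN MX  10 mx2.example.org.
example.org.      3600 IN TXT "V=SPF1 ip4:198.51.100.25 ~all"
mx1.example.org.  3600 IN A   198.51.100.25
mx2.example.org.  3600 IN A   203.0.113.9
;ftp.example.org.        IN ANY
example.org.      3600 IN SOA ns1.example.net. hostmaster.example.org. 2010060902 10800 3600 2592000 793
"""


def fqdn(name):
    """Normalise a name to lower case with a single trailing dot."""
    return name.lower().rstrip(".") + "."


def parse_records(text):
    """Return (owner, ttl, rtype, rdata) tuples from dig-style answer lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # dig banner and the echoed question section
        fields = line.split(None, 4)
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            continue  # not a resource record line
        owner, ttl, _cls, rtype, rdata = fields
        records.append((fqdn(owner), int(ttl), rtype.upper(), rdata))
    return records


def has_data(records, name):
    """False when a query for `name` returned nothing but the zone's SOA,
    which is how the ftp/webmail/pop lookups above came back."""
    name = fqdn(name)
    return any(o == name and t != "SOA" for o, _, t, _ in records)


def spf_networks(records, domain):
    """Networks authorised by ip4: mechanisms with a pass qualifier."""
    nets = []
    for owner, _, rtype, rdata in records:
        if owner != fqdn(domain) or rtype != "TXT":
            continue
        terms = rdata.strip('"').split()
        if not terms or terms[0].lower() != "v=spf1":
            continue  # some other TXT record
        for term in terms[1:]:
            mech = term.lstrip("+")
            if mech.lower().startswith("ip4:"):
                nets.append(ipaddress.ip_network(mech[4:], strict=False))
    return nets


def audit_mail(records, domain):
    """One row per MX address: preference, IP, SPF coverage, PTR name to query."""
    domain = fqdn(domain)
    addrs = {}
    for owner, _, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    nets = spf_networks(records, domain)
    mx = sorted((int(r.split()[0]), fqdn(r.split()[1]))
                for o, _, t, r in records if o == domain and t == "MX")
    report = []
    for pref, host in mx:
        if host not in addrs:
            report.append({"mx": host, "preference": pref, "ip": None,
                           "in_spf": False, "ptr_query": None})
        for ip in addrs.get(host, []):
            report.append({
                "mx": host, "preference": pref, "ip": str(ip),
                # Only matters if this host also sends outbound mail.
                "in_spf": any(ip in net for net in nets),
                # PTR is held in the reverse zone, so it needs its own query.
                "ptr_query": ip.reverse_pointer,
            })
    return report


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for row in audit_mail(recs, "example.org"):
        print(row)
    print("ftp.example.org has records:", has_data(recs, "ftp.example.org"))
```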

RE: More pain on the Windows front, possible 0 day

2010-06-10 Thread David W. McSpadden
I don't have it as well but I am win7pro and I didn't install the HP help
center software??

Maybe??

 

 

  _  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 8:38 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I can't find the protocol handler anywhere in HKCR?

On 10 June 2010 13:31, Joe Tinney  wrote:

The article Susan linked had a mitigations section. The one I am most
interested in was the temporary disabling of the hcp protocol handler in the
registry.

 

http://lock.cmpxchg8b.com/b10a58b75029f79b5f93f4add3ddf992/ADVISORY

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, June 10, 2010 7:23 AM
To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day

 

My initial thought would be HIPS to block the helpctr from even being called,
either that or stopping the help and support center service, and ACLing the
helpctr.exe. But still waiting to see what comes up on the Security lists
from Microsoft that Susan Bradley, myself and others are on, for additional
mitigation aspects. 

 

It is a unique exploit since it combines XSS with a hex obfuscation to
bypass windows system controls. 

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 7:16 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

Saw this earlier on Patch Management...any word yet on workaround/mitigation
to keep us sane until the inevitable OOB patch comes around?

On 10 June 2010 12:00, Ziots, Edward  wrote:

http://www.theregister.co.uk/2010/06/10/windows_help_bug/
http://seclists.org/fulldisclosure/2010/Jun/205

Looks like a combination of XSS, and invoking the hcp protocol for help and
support center to execute commands in the context of the logged on user.

PS: Mad Props to Susan Bradley on the Patch Management list for putting this
out

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

RE: DNS settings tool

2010-06-09 Thread David W. McSpadden
You are not a jerk and I didn't take it that way.
Matter o factness is the best way to communicate.
You have just told me what I needed to know about the sub domains.
And I get what you are saying about the rest.
Not so much over my head and a little foggy about the details.
These domains are test domains anyways with only about 8 email accounts in
either of them so I am ok for my job.  When I get the balls to do imcu.com
then I better know what the hell I'm doing.
Thanks again.


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 2:41 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

David W. McSpadden [mailto:dav...@imcu.com] wrote:
> My problem is I don't understand it enough to give information.

  You should probably call in a paid consultant/IT services firm,
then.  Unfortunately I'm not in the Indiana area so I can't recommend
one.

  I'm not getting all your mail on this list.  The only reason I even
saw your mail is someone else replied to it.  I suspect your recent
changes did something wrong, and your mail is sometimes getting
filtered as spam.

  It's going to be very hard to fix your email over email.  See above
about paid experts.

  I'm not trying to be a jerk; I'm trying to give you the best advice
I can.  To me, it looks like you're in way over your head and may be
on the verge of serious Internet infrastructure trouble.  If you
really want to try and fix that by email on a volunteer mailing list,
I'll certainly try to help, but your boss may fire you first.

> Now I want to go to the Internet and query those two domains and make sure
> the MX, A, PTR, and TXT(SPF) records have all been updated correctly.

  If you just want to view what the records at the nameservers
currently are, open up a command prompt and do:

nslookup -type=ANY %DOMAIN_NAME% %AUTHORITATIVE_DNS_SERVER_NAME%

  For example:

nslookup -type=ANY imcu.com. pdns1.ultradns.net.

  If you don't know your registered nameservers, ask the root servers:

nslookup -type=ANY imcu.com. a.root-servers.net.

  They will prolly give you a delegation to another set of servers --
that is, you will just see a list of nameservers and IP address.  Pick
one of the offered nameservers and repeat until you get the answers
you're looking for.

  For example, I can tell you that currently,  is delegated
to UltraDNS.   says imcu.org.> an MX of
, which has IP address <206.18.123.221>.  The SPF
record specifies that same IP address, and excludes all others.

  But I have no idea if that is "correct" or not.  I have no knowledge
of your infrastructure or what you're trying to do, the way things
were before or what they're supposed to be now.

> The prefixes (I probably used the wrong name) are like pop.imcu.org,
> smtp.imcu.org, mail.imcu.org, www.imcu.org like that

  Technically, those are called "child domains" or "subdomains", but
what do you want to do with them?

  I can tell you that  tells me that
 has IP address <12.145.177.146>, but has no MX record.
 (But you probably don't want your web server to have an MX record.)
There does seem to be a website that responds to the name
 at that IP address.  You're "Indiana Members Credit
Union", right?

  There's no tool you can run from a third-party website that will
talk your DNS sub-tree automatically -- your nameservers are
configured *NOT* to tell the public all the records under your domain
(zone transfer).  You will need access to your DNS zone file (or the
UltraDNS equivalent).

-- Ben



RE: DNS settings tool

2010-06-09 Thread David W. McSpadden
Thanks Ben.
Understand about the more information is better.
My problem is I don't understand it enough to give information.
I asked my ISP to make changes to the mail areas of imcu.org and
indianamembersinsurance.com 
Now I want to go to the Internet and query those two domains and make sure
the MX, A, PTR, and TXT(SPF) records have all been updated correctly.

The prefixes (I probably used the wrong name) are like pop.imcu.org,
smtp.imcu.org, mail.imcu.org, www.imcu.org like that
Am I getting close to saying it correctly?


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:41 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Wed, Jun 9, 2010 at 1:10 PM, David W. McSpadden  wrote:
> Mired down in meetings.

  I'm busy, too.  I suspect we all are.  Yet I and others are taking
the time to participate here.  Please do us all the same courtesy
yourself, and take the time to include relevant information in your
requests.

> External settings for imcu.org, indianamembersinsurance.com.

  "External settings"?

  Those domain names exist, I can query resource records for them.
ZoneCheck complains about some things, but nothing strictly related to
DNS.

  If you mean, "I want everything to work right for everything all the
time", well, we all want that, but that's way too open-ended a
request.

  Give us some clue as to what is driving your request and we may be
able to help you.

> I would like something that will me all the prefixes that are being used
as
> well.

  Not sure what you mean by "prefixes".

  If you mean, you want to know all the child domain names under
, you can't easily get that from an external tool unless
you're allowing zone transfers (and you're not).  But you should just
be able to look at your own DNS server, though, so I'm not sure I
understand the question.

-- Ben



RE: DNS settings tool

2010-06-09 Thread David W. McSpadden
Mired down in meetings.
External settings for imcu.org, indianamembersinsurance.com.
I would like something that will me all the prefixes that are being used as
well.


-Original Message-
From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:09 PM
To: NT System Admin Issues
Subject: RE: DNS settings tool

Did not specify internal or public DNS either... internal checking with the
free download would require a Linux machine, would it not?

Carl

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 09, 2010 1:04 PM
To: NT System Admin Issues
Subject: Re: DNS settings tool

On Wed, Jun 9, 2010 at 12:11 PM, David McSpadden  wrote:
> What is a good tool to check that all my DNS settings have been setup
> correctly?

http://www.zonecheck.fr/

  Both free and Free.  Run it on their site, or download and run your own.

  I note that you do not specify what you mean by "correctly".

-- Ben





RE: OT (bit of topic), anyone delt with recovery ITunes Store bought Music,(backedup to external drive) and restored to a brand new install???

2010-06-03 Thread David W. McSpadden
Really?

 

  _  

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Thursday, June 03, 2010 4:36 PM
To: NT System Admin Issues
Subject: RE: OT (bit of topic), anyone delt with recovery ITunes Store
bought Music,(backedup to external drive) and restored to a brand new
install???

 

I think there's an app for that.  

 

Shook

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Thursday, June 03, 2010 4:35 PM
To: NT System Admin Issues
Subject: RE: OT (bit of topic), anyone delt with recovery ITunes Store
bought Music,(backedup to external drive) and restored to a brand new
install???

 

Google something like "move itunes library to another computer". Tons of
info out there.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: justino garcia [mailto:jgarciaitl...@gmail.com] 
Sent: Thursday, June 03, 2010 4:33 PM
To: NT System Admin Issues
Subject: OT (bit of topic), anyone delt with recovery ITunes Store bought
Music,(backedup to external drive) and restored to a brand new install???

 

OT (bit off topic), anyone dealt with recovery ITunes Store bought Music, and
restored to a brand new install???

I am going to reformat and reinstall the OS for a customer who got malware.

They asked me to backup their itunes library, bought tons of music from
itunes store.

Is it simple Backing of itunes library xml and music directory to an
external drive, and then recovering to new PC???

 

Any ideas?

 

Thanks

-- 
Justin
IT-TECH

RE: DNS question

2010-06-03 Thread David W. McSpadden
Ok.  

Going forward with a migration away from hosted email to hosting it myself
on Exchange and I have 4 domains to bring in through my firewall and
Ironport. 

Just wanted to be sure before I finish this write to the board.

Thanks

 

 

  _  

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Thursday, June 03, 2010 9:34 AM
To: NT System Admin Issues
Subject: RE: DNS question

 

Yup.

 

It's standard practice if you are using host-headers on your web server to
serve multiple domains.

 

-sc

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Thursday, June 03, 2010 9:31 AM
To: NT System Admin Issues
Subject: DNS question

 

Can I have multiple domains pointed to the same IP?

 

Mx1.imcu.org xxx.xxx.xxx.xx1

Mail.imcu.com xxx.xxx.xxx.xx1

Mail.indianamembersinsurance.com xxx.xxx.xxx.xx1

 

 

"Please consider the environment before printing this email."

RE: DNS question

2010-06-03 Thread David W. McSpadden
Just says to consider.  

:-)

 

  _  

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Thursday, June 03, 2010 9:32 AM
To: NT System Admin Issues
Subject: RE: DNS question

 

Yes and I printed your email, just to tick you off..

 

Shook

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Thursday, June 03, 2010 9:31 AM
To: NT System Admin Issues
Subject: DNS question

 

Can I have multiple domains pointed to the same IP?

 

Mx1.imcu.org xxx.xxx.xxx.xx1

Mail.imcu.com xxx.xxx.xxx.xx1

Mail.indianamembersinsurance.com xxx.xxx.xxx.xx1

 

 

"Please consider the environment before printing this email."

RE: What the heck?

2010-06-01 Thread David W. McSpadden
Did Ninja catch it or did you have to scan it manually??



 

  _  

From: Alex Eckelberry [mailto:al...@sunbelt-software.com] 
Sent: Tuesday, June 01, 2010 2:34 PM
To: NT System Admin Issues
Subject: RE: What the heck?

 

The exe below is malware (I suppose everyone figured that out). 

 

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Tuesday, June 01, 2010 1:34 PM
To: NT System Admin Issues
Subject: What the heck?

 

Ok so my users are getting this right now.  I have blocked the ip with
Ironport and sent the email saying not to open it but to delete it.

Anyone else getting this crap today?

 

 

 

 

 

 

If you already received this information before and action has been taken,
then please ignore.

 

This important information about a security vulnerability requires your
immediate attention!

 

All systems detected using Adobe products have been sent out this e-mail and
are all requested to update their systems urgently.

Kindly follow the instructions in the e-mail as forwarded below.

 

Failure to comply will result in all financial and non financial loss to be
a liability of the receiver.

 

Please treat this e-mail as a matter of urgency. No further follow up
warning will be sent.

 

**This e-mail is a computer generated e-mail from ad...@imcu.com and does
not require a reply**

 

 

--- On Fri, 5/28/10, Richard Barnett  wrote: ---

From: Richard Barnett 

To: Administrator 

Subject: Adobe Security Update

Date: Friday, May 28, 2010, 11:24 AM

 

Broadcast message:

Adobe has issued a directive which states that all systems running their
software should be patched for the latest security glitch.

The CVE-2010-0193 Denial of Service Vulnerability has recently been
discovered on several systems running the previously released version of the
software, which has been further documented on security sites such as
http://www.securityfocus.com/bid/39524

It is strongly advised that all systems running the Adobe software is
updated with the latest security patch to avoid further situations hampering
the security and integrity of the system. Failure to follow the directive
would mean that any loss which occurs due to the negligence will be a
liability of the company and not Adobe. The link to update the system with
the latest patch and instructions are provided below:

 

Download the instructions here: http://190.144.101.204/adobe/update.pdf
(requires Adobe Acrobat Reader).

To update your system, download the installation file here:
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).

(Read first the instructions before updating the system)

 

 

Your urgent attention is most appreciated,

 

Richard Barnett

Adobe Risk Management

345 Park Avenue

San Jose, CA 95110-2704

Tel: 408-587-3932

rbarn...@adobe.com

 

---

Disclaimer: 

This e-mail message and information contained in or attached to this message
is privileged, confidential, and protected from disclosure and is intended
only for the person or entity to which it is addressed. Any review,
re-transmission, dissemination, printing or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited.

RE: What the heck?

2010-06-01 Thread David W. McSpadden
Looks like they are down now.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, June 01, 2010 2:07 PM
To: NT System Admin Issues
Subject: Re: What the heck?

On Tue, Jun 1, 2010 at 1:47 PM, Erik Goldoff  wrote:
> I wasn't aware that Adobe was HQ'd in Colombia nor distributed vital
> security information and patches from that country 

  I particularly like the PDF with the spoofed Adobe security
advisory.  It looks just like something a company would put out, and
certainly Adobe loves PDF.

  The use of a bare IP address in the URLs is a dead giveaway, though.
 If they had employed some URL obfuscation techniques, it would be
much more difficult to spot at first glance.

-- Ben
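
The giveaway pointed out above, links whose host is a bare IP address, can be checked mechanically at the mail gateway. The following is an added example, not code from the thread: it extracts the URLs from a message body and flags IP-literal hosts, hosts outside the claimed sender's domain, and direct executable downloads. The sample message, the `.example` domains, the documentation-range address and the function names are constructed for illustration.

```python
import ipaddress
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed message in the style of the lure quoted in this thread.
SAMPLE_FROM = "Richard Barnett <rbarnett@adobe.example>"
SAMPLE_BODY = """\
The vulnerability has been further documented on security sites such as
http://www.securityfocus.example/bid/00000
Download the instructions here: http://192.0.2.44/adobe/update.pdf
(requires Adobe Acrobat Reader).
To update your system, download the installation file here:
http://192.0.2.44/adobe/update932.exe (update932.exe).
Vendor bulletin: http://www.adobe.example/support/security/
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".msi", ".bat", ".cmd", ".vbs")


def is_ip_literal(host):
    """True when the URL host is an IPv4 or IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse_links(body, from_header):
    """Return one finding per URL with the reasons it looks suspicious."""
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    results = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;")  # drop sentence punctuation stuck to the URL
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if is_ip_literal(host):
            reasons.append("ip-literal-host")
        elif not sender or not (host == sender or host.endswith("." + sender)):
            reasons.append("host-outside-sender-domain")
        if parts.path.lower().endswith(EXECUTABLE_EXT):
            reasons.append("executable-download")
        if "ip-literal-host" in reasons:
            verdict = "block"    # a vendor advisory has no reason to link a raw IP
        elif reasons:
            verdict = "review"   # third-party links are common, so not conclusive
        else:
            verdict = "ok"
        results.append({"url": url, "host": host,
                        "reasons": reasons, "verdict": verdict})
    return results


if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_BODY, SAMPLE_FROM):
        print(finding["verdict"], finding["url"], finding["reasons"])
```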



RE: What the heck?

2010-06-01 Thread David W. McSpadden
Phone number is disconnected too.  Adobe is having a rough month.

 

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Tuesday, June 01, 2010 1:48 PM
To: NT System Admin Issues
Subject: Re: What the heck?

 

Hmmm, the numerical IP address later in the body of the message seems to
belong to someone in Bogota Colombia 
I wasn't aware that Adobe was HQ'd in Colombia nor distributed vital
security information and patches from that country 

 

MORE social engineering.

On Tue, Jun 1, 2010 at 1:34 PM, David McSpadden  wrote:

Ok so my users are getting this right now.  I have blocked the ip with
Ironport and sent the email saying not to open it but to delete it.

Anyone else getting this crap today?

 

 

 

 

 

 

If you already received this information before and action has been taken,
then please ignore.

 

This important information about a security vulnerability requires your
immediate attention!

 

All systems detected using Adobe products have been sent out this e-mail and
are all requested to update their systems urgently.

Kindly follow the instructions in the e-mail as forwarded below.

 

Failure to comply will result in all financial and non financial loss to be
a liability of the receiver.

 

Please treat this e-mail as a matter of urgency. No further follow up
warning will be sent.

 

**This e-mail is a computer generated e-mail from ad...@imcu.com and does
not require a reply**

 

 

--- On Fri, 5/28/10, Richard Barnett  wrote: ---

From: Richard Barnett 

To: Administrator 

Subject: Adobe Security Update

Date: Friday, May 28, 2010, 11:24 AM

 

Broadcast message:

Adobe has issued a directive which states that all systems running their
software should be patched for the latest security glitch.

The CVE-2010-0193 Denial of Service Vulnerability has recently been
discovered on several systems running the previously released version of the
software, which has been further documented on security sites such as
http://www.securityfocus.com/bid/39524

It is strongly advised that all systems running the Adobe software is
updated with the latest security patch to avoid further situations hampering
the security and integrity of the system. Failure to follow the directive
would mean that any loss which occurs due to the negligence will be a
liability of the company and not Adobe. The link to update the system with
the latest patch and instructions are provided below:

 

Download the instructions here: http://190.144.101.204/adobe/update.pdf
(requires Adobe Acrobat Reader).

To update your system, download the installation file here:
http://190.144.101.204/adobe/adbp932b.exe (adbp932b.exe).

(Read first the instructions before updating the system)

 

 

Your urgent attention is most appreciated,

 

Richard Barnett

Adobe Risk Management

345 Park Avenue

San Jose, CA 95110-2704

Tel: 408-587-3932

rbarn...@adobe.com

 

---

Disclaimer: 

This e-mail message and information contained in or attached to this message
is privileged, confidential, and protected from disclosure and is intended
only for the person or entity to which it is addressed. Any review,
re-transmission, dissemination, printing or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited.

RE: Web based scanning tool

2010-05-28 Thread David W. McSpadden
IT audits have always been the last place they look here and they only skim
us.
We have been using everything we can find, SOX, HIPAA, GLBA, Nessus, stuff
like that.
Now since the regulators are breathing down their necks they are coming for
us.
No big deal I just like to know ahead of time where to verify.
They speak of the FDCC and the CAG audit guidelines as their base.
We can handle it I am just having a hard time finding this old tool...

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Friday, May 28, 2010 12:39 PM
To: NT System Admin Issues
Subject: RE: Web based scanning tool

ouch... seems like a way of getting you guys behind the 8-ball.  Did they
pull FDCC out of their hats?  I would think you'd know what standard they're
using before they actually come in, though...

>>> "David W. McSpadden"  5/28/2010 9:32 AM >>>
Isn't that subservient?

Anyways, auditors are in and ask us if we have heard of FDCC, we say no
because they have never mentioned them.  They say they will be using that as
their baseline from now on.
We say ok.
Now I know I have seen a high level pc scanner or audit tool or whatever
that shows you guidelines for GPO settings etc...

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Friday, May 28, 2010 11:59 AM
To: NT System Admin Issues
Subject: RE: Web based scanning tool

In your case, EZ, compliant to Shookie.

>>> "Ziots, Edward"  5/28/2010 8:46 AM >>>
Compliant to what exactly? 

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org 

 

From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Friday, May 28, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Web based scanning tool

 

Sounds like maybe something from http://www.onguardonline.gov? I don't
think the more technical sites http://csrc.nist.gov or  
http://www.us-cert.gov will have online tools like that.

 

-Malcolm

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, May 28, 2010 07:35
To: NT System Admin Issues
Subject: Web based scanning tool

 

A long while ago there was a .gov site that had a web based scanner.  It
would scan your pc and then give you the recommended security settings
to be compliant.  It had an NT scanner, 2000 scanner, and an XP
scanner.  I can not for the life of me remember it right now.  Nist.gov
or frc.gov or something official sounding

 

"Please consider the environment before printing this email."


RE: Web based scanning tool

2010-05-28 Thread David W. McSpadden
Isn't that subservient?

Anyways, auditors are in and ask us if we have heard of FDCC, we say no
because they have never mentioned them.  They say they will be using that as
their baseline from now on.
We say ok.
Now I know I have seen a high level pc scanner or audit tool or whatever
that shows you guidelines for GPO settings etc...

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Friday, May 28, 2010 11:59 AM
To: NT System Admin Issues
Subject: RE: Web based scanning tool

In your case, EZ, compliant to Shookie.

>>> "Ziots, Edward"  5/28/2010 8:46 AM >>>
Compliant to what exactly? 

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org 

 

From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Friday, May 28, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: Web based scanning tool

 

Sounds like maybe something from http://www.onguardonline.gov? I don't
think the more technical sites http://csrc.nist.gov or  
http://www.us-cert.gov will have online tools like that.

 

-Malcolm

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, May 28, 2010 07:35
To: NT System Admin Issues
Subject: Web based scanning tool

 

A long while ago there was a .gov site that had a web based scanner.  It
would scan your pc and then give you the recommended security settings
to be compliant.  It had an NT scanner, 2000 scanner, and an XP
scanner.  I can not for the life of me remember it right now.  Nist.gov
or frc.gov or something official sounding

 

"Please consider the environment before printing this email."


RE: Ping...

2010-05-27 Thread David W. McSpadden
Pong...

-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, May 27, 2010 12:13 PM
To: NT System Admin Issues
Subject: Ping...

Sorry for the "ping", but I don't think I'm getting messages back that
I'm sending to the list.  Either that or the message isn't making it to
the list to begin with, in which case I won't get any replies because
y'all won't see it.

-Paul



RE: limited logon script??

2010-05-24 Thread David W. McSpadden
Thanks Rene,  Everything but the Call works.  It doesn't wait on the click
of the ok button so I could just execute it without the call I guess.

 

 

  _  

From: Rene de Haas [mailto:rene.deh...@gmail.com] 
Sent: Monday, May 24, 2010 6:38 AM
To: NT System Admin Issues
Subject: Re: limited logon script??

 

No it doesn't work that way. You can log on from many places and link to the
same share without any problem, unless you configure the share to allow only
one connection.

On Fri, May 21, 2010 at 9:21 PM, David McSpadden  wrote:

Is this all I really need to do?

Create silent usershare on server.

Add this to top of logon.bat?

echo on
net use x: \\10.0.50.205\%username%$
if errorlevel 1 goto :logoff
goto :continue

:logoff
call MSG.exe %username% "The user %username% is already logged into the network somewhere else.  Please log off that workstation before trying to log into the network again."
logoff.exe

:continue
setx logdrive "X:"
setx logpath "X:\"

 

"Please consider the environment before printing this email."

RE: Get User with Group membership in a file.

2010-05-19 Thread David W. McSpadden
Thanks

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, May 19, 2010 3:07 PM
To: NT System Admin Issues
Subject: Re: Get User with Group membership in a file.

adfind -b ou=users,dc=imcu,dc=local -f "objectcategory=person" -csv -nodn displayname memberof > out.txt

On Wed, May 19, 2010 at 10:57, David McSpadden  wrote:
>
> I have to get all my ad users and their group membership to a file and I
> have them in two CN’s
>
> On Error Resume Next
>
> Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
>
> Set objOU = GetObject _
>     ("LDAP://cn=Users,dc=imcu,dc=local")
>
> ObjOU.Filter= Array("user")
>
> For Each objUser in objOU
>     WScript.Echo objUser.cn & " is a member of: "
>     WScript.Echo vbTab & "Primary Group ID: " & _
>         objUser.Get("primaryGroupID")
>
>     arrMemberOf = objUser.GetEx("memberOf")
>
>     If Err.Number <>  E_ADS_PROPERTY_NOT_FOUND Then
>         For Each Group in arrMemberOf
>             WScript.Echo vbTab & Group
>         Next
>     Else
>         WScript.Echo vbTab & "memberOf attribute is not set"
>         Err.Clear
>     End If
>     Wscript.Echo
> Next
>
> I also have a Cn No ScreenSaver Personnel.  But when I put it into the
> above I get 0.
>
> “Please consider the environment before printing this email.”




RE: Get User with Group membership in a file.

2010-05-19 Thread David W. McSpadden
Got it.

Thanks

 

  _  

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, May 19, 2010 2:27 PM
To: NT System Admin Issues
Subject: RE: Get User with Group membership in a file.

 

Anywhere the ds* tools are installed.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, May 19, 2010 2:13 PM
To: NT System Admin Issues
Subject: RE: Get User with Group membership in a file.

 

Ran from the DC?

 

  _  

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, May 19, 2010 2:11 PM
To: NT System Admin Issues
Subject: RE: Get User with Group membership in a file.

 

Dunno why it fails for you, but this is much easier:

 

dsquery * forestroot -filter objectcategory=user -attr cn memberOf

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, May 19, 2010 1:58 PM
To: NT System Admin Issues
Subject: Get User with Group membership in a file.

 

I have to get all my ad users and their group membership to a file and I
have them in two CN's

 

On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

Set objOU = GetObject _
    ("LDAP://cn=Users,dc=imcu,dc=local")

ObjOU.Filter= Array("user")

For Each objUser in objOU
    WScript.Echo objUser.cn & " is a member of: "
    WScript.Echo vbTab & "Primary Group ID: " & _
        objUser.Get("primaryGroupID")

    arrMemberOf = objUser.GetEx("memberOf")

    If Err.Number <>  E_ADS_PROPERTY_NOT_FOUND Then
        For Each Group in arrMemberOf
            WScript.Echo vbTab & Group
        Next
    Else
        WScript.Echo vbTab & "memberOf attribute is not set"
        Err.Clear
    End If
    Wscript.Echo
Next

 

I also have a Cn No ScreenSaver Personnel.  But when I put it into the above
I get 0.

 

"Please consider the environment before printing this email."

RE: Get User with Group membership in a file.

2010-05-19 Thread David W. McSpadden
Ran from the DC?

 

  _  

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, May 19, 2010 2:11 PM
To: NT System Admin Issues
Subject: RE: Get User with Group membership in a file.

 

Dunno why it fails for you, but this is much easier:

 

dsquery * forestroot -filter objectcategory=user -attr cn memberOf

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, May 19, 2010 1:58 PM
To: NT System Admin Issues
Subject: Get User with Group membership in a file.

 

I have to get all my ad users and their group membership to a file and I
have them in two CN's

 

On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

Set objOU = GetObject _
    ("LDAP://cn=Users,dc=imcu,dc=local")

ObjOU.Filter= Array("user")

For Each objUser in objOU
    WScript.Echo objUser.cn & " is a member of: "
    WScript.Echo vbTab & "Primary Group ID: " & _
        objUser.Get("primaryGroupID")

    arrMemberOf = objUser.GetEx("memberOf")

    If Err.Number <>  E_ADS_PROPERTY_NOT_FOUND Then
        For Each Group in arrMemberOf
            WScript.Echo vbTab & Group
        Next
    Else
        WScript.Echo vbTab & "memberOf attribute is not set"
        Err.Clear
    End If
    Wscript.Echo
Next

 

I also have a Cn No ScreenSaver Personnel.  But when I put it into the above
I get 0.

 

"Please consider the environment before printing this email."
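
An added example, not part of any message in this thread: a read-only PowerShell report that searches the whole dc=imcu,dc=local subtree, so users in either container are picked up in one pass, and writes one CSV row per user and group for an access review. The output file name and the helper function names are assumptions; the domain DN is the one used in the script above.

```powershell
# Added example: export every user with its primary group and direct memberOf
# groups to CSV, one row per user/group pair. Only LDAP reads are performed.
# From the thread: the domain DN dc=imcu,dc=local.
# Assumptions: a domain-joined machine, an account allowed to read the
# directory, PowerShell 3.0 or later, and the output file name.
$domainDn = 'dc=imcu,dc=local'
$outFile  = '.\user-groups.csv'          # assumed name

$root = [adsi]"LDAP://$domainDn"

# Hypothetical helper: subtree search with paging enabled.
function New-Searcher([string]$Filter, [string[]]$Properties) {
    $s = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter, $Properties)
    $s.SearchScope = 'Subtree'   # descend into every container and OU under the root
    $s.PageSize    = 500         # paged results, so the server-side result limit does not truncate the report
    $s
}

# Hypothetical helper: binary objectSid -> "S-1-5-21-..." string.
function ConvertTo-SidString([byte[]]$Bytes) {
    (New-Object System.Security.Principal.SecurityIdentifier($Bytes, 0)).Value
}

# Map group SID -> group name, used to turn primaryGroupID (a RID) into a name.
$groupNameBySid = @{}
$groupHits = (New-Searcher '(objectCategory=group)' @('cn', 'objectsid')).FindAll()
foreach ($g in $groupHits) {
    $sid = ConvertTo-SidString $g.Properties['objectsid'][0]
    $groupNameBySid[$sid] = [string]$g.Properties['cn'][0]
}
$groupHits.Dispose()

$userProps = @('cn', 'distinguishedname', 'primarygroupid', 'objectsid', 'memberof')
$userHits  = (New-Searcher '(&(objectCategory=person)(objectClass=user))' $userProps).FindAll()

$rows = foreach ($u in $userHits) {
    $p = $u.Properties   # property names are lower case in search results

    # primaryGroupID is only the RID; the group's full SID is domain SID + RID.
    $userSid    = New-Object System.Security.Principal.SecurityIdentifier($p['objectsid'][0], 0)
    $primarySid = '{0}-{1}' -f $userSid.AccountDomainSid.Value, $p['primarygroupid'][0]
    $primary    = $groupNameBySid[$primarySid]

    # memberOf lists direct memberships only: it never contains the primary
    # group and does not expand nested groups.
    $groups = @()
    if ($p.Contains('memberof')) { $groups = @($p['memberof'] | Sort-Object) }
    if ($groups.Count -eq 0)     { $groups = @('') }   # keep users with no memberOf in the report

    foreach ($dn in $groups) {
        [pscustomobject]@{
            User         = [string]$p['cn'][0]
            UserDN       = [string]$p['distinguishedname'][0]
            PrimaryGroup = $primary
            MemberOf     = [string]$dn
        }
    }
}
$userHits.Dispose()

$rows | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
Write-Host ("Wrote {0} rows to {1}" -f @($rows).Count, $outFile)
```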

 

 

 

 

 

 


RE: Possible false-positive for Vipre

2010-05-19 Thread David W. McSpadden
Here in Indianapolis we had a funky converter box and all we got was HBO.
For about two years.  Then a form of cable came in and we got some more
channels.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, May 18, 2010 8:06 PM
To: NT System Admin Issues
Subject: Re: Possible false-positive for Vipre

On Tue, May 18, 2010 at 7:19 PM, Micheal Espinola Jr
 wrote:
> Yep, it was a point-to-point service (or something like that).  You got a
> special directional antenna attached to your roof.

  Are you sure you're not thinking of old-fashioned satellite TV?  Not
the modern mini-dish stuff; I'm talking about the giant C-band dishes.
 They're used by TV networks to distribute their programming from
central studios to local broadcast points and cable head-ends.  The
occasional home AV snob would have a receiver.  The programming was
all transmitted in the clear so there was nothing stopping people
other than the (usually significant) expense of the equipment.

> Can anyone correct me if I am wrong?

  The always-reliable Wikipedia  says that HBO began as one of
the first pay TV services using underground cable in Manhattan, and
Manhattan only.  It later added satellite distribution.

http://en.wikipedia.org/wiki/HBO

-- Ben




RE: Possible false-positive for Vipre

2010-05-19 Thread David W. McSpadden
HBO, Star, then Showtime, Star channel would later help you get that great
big dish in your side yard I think.

 

 

  _  

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Tuesday, May 18, 2010 7:20 PM
To: NT System Admin Issues
Subject: Re: Possible false-positive for Vipre

 

Yep, it was a point-to-point service (or something like that).  You got a
special directional antenna attached to your roof.  First was HBO from what
I can recall.  Second was, umm, the Star Channel?  (not to be confused with
the modern Stars network channel)...

Can anyone correct me if I am wrong?

--
ME2



On Tue, May 18, 2010 at 3:27 PM, Phillip Partipilo  wrote:

There was HBO before cable TV?

 

 

Phillip Partipilo

Parametric Solutions Inc.

Jupiter, Florida

(561) 747-6107

 

 

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Tuesday, May 18, 2010 2:52 PM


To: NT System Admin Issues
Subject: Re: Possible false-positive for Vipre

 

HARDWARE WARS!!!   Nice reference!



I remember seeing that as a "short" on HBO, wy before cable TV...

--
ME2

On Tue, May 18, 2010 at 10:30 AM, Charlie Kaiser 
wrote:

Help me Augie Ben-Doggie; you're my only hope...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


> -Original Message-
> From: greg.swe...@actsconsulting.net
> [mailto:greg.swe...@actsconsulting.net]

> Sent: Tuesday, May 18, 2010 10:14 AM
> To: NT System Admin Issues
> Subject: RE: Possible false-positive for Vipre
>

> I'm afraid my mission to bring you to Alderaan(Vipre Forum)
> has failed. I've placed information vital to the survival of
> the rebellion(your PC) into the memory systems of this R2 unit.


RE: Possible false-positive for Vipre

2010-05-18 Thread David W. McSpadden
Don't you mean ME2 unit?

 

  _  

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]

Sent: Tuesday, May 18, 2010 1:14 PM
To: NT System Admin Issues
Subject: RE: Possible false-positive for Vipre

 

I'm afraid my mission to bring you to Alderaan(Vipre Forum) has failed. I've
placed information vital to the survival of the rebellion(your PC) into the
memory systems of this R2 unit.  

 

**Memory**

http://supportforums.sunbeltsoftware.com/

 

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Tuesday, May 18, 2010 1:04 PM
To: NT System Admin Issues
Subject: RE: Possible false-positive for Vipre

 

This is not the forum I am looking for.

 

 

Whoa dude you need to watch that hand waving.  I just about left Mos
Eisley..

 

 

  _  

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Tuesday, May 18, 2010 1:02 PM
To: NT System Admin Issues
Subject: Re: Possible false-positive for Vipre

 



This is not the forum you are looking for.

--
ME2

On Mon, May 17, 2010 at 7:21 AM, John Aldrich 
wrote:

An app that is supposed to keep your flash drives "clean" is called "flash
disinfector" and Vipre Enterprise is alerting on it as containing a Trojan.
Anyone got any clue whether this is a valid alert?

RE: Possible false-positive for Vipre

2010-05-18 Thread David W. McSpadden
This is not the forum I am looking for.

 

 

Whoa dude you need to watch that hand waving.  I just about left Mos
Eisley..

 

 

  _  

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Tuesday, May 18, 2010 1:02 PM
To: NT System Admin Issues
Subject: Re: Possible false-positive for Vipre

 



This is not the forum you are looking for.

--
ME2



On Mon, May 17, 2010 at 7:21 AM, John Aldrich 
wrote:

An app that is supposed to keep your flash drives "clean" is called "flash
disinfector" and Vipre Enterprise is alerting on it as containing a Trojan.
Anyone got any clue whether this is a valid alert?

RE: Calling service

2010-05-17 Thread David W. McSpadden
Let you know.  Thanks.

 

  _  

From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Monday, May 17, 2010 9:57 AM
To: NT System Admin Issues
Subject: RE: Calling service

 

I sit on the board of the SCPA ( Southeastern Continuity Planners
Association http://www.scpa-us.org ) and last August one of the presenters
was Rally Point.  They had an interesting twist on disaster scenario
communications , worth checking out :  http://www.myrallypoint.net/

I can probably find a more personalized contact for you if you're still
interested with what you see on their site.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Monday, May 17, 2010 9:46 AM
To: NT System Admin Issues
Subject: Calling service

 

Any ideas for companies that will call a group of people for you.

 

We are looking (just thinking about) for a service that will call and answer
back calls in case of a disaster.  So the Plan administrator makes 1 call and
the service notifies and records who has received the calls etc.

Any info would be greatly appreciated.

 

 

 

"Please consider the environment before printing this email."

RE: Tues Funny: New IP Lookup Tool

2010-05-12 Thread David W. McSpadden
b

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, May 12, 2010 10:20 AM
To: NT System Admin Issues
Subject: Re: Tues Funny: New IP Lookup Tool

Yes, that would make me very angora-y.

On Wed, May 12, 2010 at 05:17, Richard Stovall  wrote:
> In other news, chevre-elry is dead after all.
> http://news.bbc.co.uk/2/hi/europe/8428650.stm
>
> On Tue, May 11, 2010 at 8:25 PM, Erik Goldoff  wrote:
>>
>> Groan, that was baaa’d
>>
>>
>>
>> Erik Goldoff
>>
>> IT  Consultant
>>
>> Systems, Networks, & Security
>>
>> '  Security is an ongoing process, not a one time event ! '
>>
>> From: Sam Cayze [mailto:sam.ca...@rollouts.com]
>> Sent: Tuesday, May 11, 2010 4:59 PM
>>
>> To: NT System Admin Issues
>> Subject: Tues Funny: New IP Lookup Tool
>>
>>
>>
>> http://ipgoat.com/
>>
>>
>>
>> [Click the goat]
>>
>>
>>
>> Sorry.
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>




RE: VPN issue

2010-05-11 Thread David W. McSpadden
Maybe stop it and just use the ipv4 and see if it works?

 

  _  

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Tuesday, May 11, 2010 2:33 PM
To: NT System Admin Issues
Subject: Re: VPN issue

 

Yes.

On Tue, May 11, 2010 at 2:30 PM, David W. McSpadden  wrote:

Do you still have ipv6 running?

 

 

  _  

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Tuesday, May 11, 2010 2:27 PM 


To: NT System Admin Issues
Subject: Re: VPN issue

 

Update.

I installed the latest version of the Cisco VPN client (removed the orig
first) and it does connect to the concentrator (I can see the session). I'm
thinking this is a Windows 7 thing as it shows connected to a public network
(which it is, and I can surf). I cannot ping to any device on the LAN
though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith 
wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco
device, does it? (I spent 3 minutes on the website, so I could be wrong -
please correct me if so.)


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden  wrote:
> Some of the admins here had freeware vpn clients that would work. 
> They talked about them within the last two months.

 We use OpenVPN.  I can talk more about it if anyone cares.  (You all know I
love the sound of my own voice... er, keystrokes.)

-- Ben


RE: VPN issue

2010-05-11 Thread David W. McSpadden
Do you still have ipv6 running?

 

 

  _  

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Tuesday, May 11, 2010 2:27 PM
To: NT System Admin Issues
Subject: Re: VPN issue

 

Update.

I installed the latest version of the Cisco VPN client (removed the orig
first) and it does connect to the concentrator (I can see the session). I'm
thinking this is a Windows 7 thing as it shows connected to a public network
(which it is, and I can surf). I cannot ping to any device on the LAN
though.

On Tue, May 11, 2010 at 2:19 PM, Michael B. Smith 
wrote:

But that doesn't meet the OP's need of being able to connect to a Cisco
device, does it? (I spent 3 minutes on the website, so I could be wrong -
please correct me if so.)


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com



-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, May 11, 2010 2:08 PM
To: NT System Admin Issues
Subject: Re: VPN issue

On Tue, May 11, 2010 at 1:29 PM, David W. McSpadden  wrote:
> Some of the admins here had freeware vpn clients that would work. 
> They talked about them within the last two months.

 We use OpenVPN.  I can talk more about it if anyone cares.  (You all know I
love the sound of my own voice... er, keystrokes.)

-- Ben


RE: VPN issue

2010-05-11 Thread David W. McSpadden
Some of the admins here had freeware vpn clients that would work.  They
talked about them within the last two months.

 

 

  _  

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Tuesday, May 11, 2010 1:16 PM
To: NT System Admin Issues
Subject: Re: VPN issue

 

And of course we don't have any Cisco support..

On Tue, May 11, 2010 at 12:24 PM, Damien Solodow
 wrote:

Windows 7 is only supported with version 5.06+ so I would upgrade the Cisco
vpn client first. 
-- 
Sent using BlackBerry 

 

  _  

From: Cameron  
To: NT System Admin Issues  
Sent: Tue May 11 12:14:28 2010
Subject: VPN issue 

Good day all!

 

Win 7 (patched)

Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator

Connection - Wireless Internet Stick

 

The VPN client connects and authenticates, but does not allow pinging within
the corporate network. Obviously this means that no applications that need
to connect to corp servers are working. (Lower version client has no issues
with XP - same authentication settings). The concentrator does show me
connected so I'm pretty sure it's at the O/S level that something is being
blocked.

 

I've tried all sorts of changes, but apparently I'm missing something
somewhere.

 

Any ideas? !

 

Cheers,

Cameron

RE: VPN issue

2010-05-11 Thread David W. McSpadden
I thought you had to move to AnyConnect for Windows Vista and 7 to work?

 

  _  

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Tuesday, May 11, 2010 12:14 PM
To: NT System Admin Issues
Subject: VPN issue

 

Good day all!

 

Win 7 (patched)

Cisco VPN client version 5.0.01.0600 connecting to Cisco VPN concentrator

Connection - Wireless Internet Stick

 

The VPN client connects and authenticates, but does not allow pinging within
the corporate network. Obviously this means that no applications that need
to connect to corp servers are working. (Lower version client has no issues
with XP - same authentication settings). The concentrator does show me
connected so I'm pretty sure it's at the O/S level that something is being
blocked.

 

I've tried all sorts of changes, but apparently I'm missing something
somewhere.

 

Any ideas? !

 

Cheers,

Cameron

RE: Wireless Routers

2010-05-10 Thread David W. McSpadden
What do you mean, an African or European Swallow?

 

  _  

From: Andy Shook [mailto:andy.sh...@peak10.com] 
Sent: Monday, May 10, 2010 10:26 AM
To: NT System Admin Issues
Subject: RE: Wireless Routers

 

Another silly question;

 

What's the airspeed velocity of an un-laden swallow? 

 

Shook

 

From: Cameron [mailto:cameron.orl...@gmail.com] 
Sent: Monday, May 10, 2010 10:20 AM
To: NT System Admin Issues
Subject: Re: Wireless Routers

 

Silly question, but did you try resetting the original one back to factory
specs?

On Mon, May 10, 2010 at 10:17 AM, John Aldrich
 wrote:

This weekend, I spent about 4 hours working at a client's site (side job)
trying to get their desktop to link up to their existing wireless router
(Netgear.) I never succeeded and I was also unable to get my Dell laptop to
talk to their wireless router. After fussing with it for over  2 hours, I
went to Walmart and bought a WRT54GS2 Linksys wireless (same exact model I
have at home) and hooked it up. Instant success. 

Long story short - if I ever have a job where I can't get the wireless to
connect, and the user has a Netgear wireless router, I'm not even going to
spend time on it, I'll just tell the client I'm going to go buy a different
router that *will* work and get another Linksys.

Just thought I'd pass this along for anyone who's looking for a new wireless
router. :-)

RE: Tool to find wireless password

2010-05-07 Thread David W. McSpadden
Airshark?

Wireshark?

 

 

  _  

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Friday, May 07, 2010 3:53 PM
To: NT System Admin Issues
Subject: Tool to find wireless password

 

I've got a client on the side who I'm adding wireless to his desktop for
him. I don't know if he knows the wireless passcode or not. On the off
chance he doesn't, I know there are some tools to "crack" the passcode on a
machine that has it already. Can anyone point this out to me?

 

Thanks!

RE: Computers becoming unresponsive accross entire network.

2010-05-07 Thread David W. McSpadden
Ok.  That is two bad defs in two weeks?

1 Vipre
1 McAfee?
Next is Trend?

-Original Message-
From: Luke [mailto:tesla...@gmail.com] 
Sent: Friday, May 07, 2010 11:45 AM
To: NT System Admin Issues
Subject: RE: Computers becoming unresponsive accross entire network.

Turned out to be a bad Deff. Bad def = 6274.


RE: Symantec Acquires PGP

2010-05-04 Thread David W. McSpadden
+1

-Original Message-
From: Angus Scott-Fleming [mailto:angu...@geoapps.com] 
Sent: Tuesday, May 04, 2010 12:12 AM
To: NT System Admin Issues
Subject: Re: Symantec Acquires PGP

On 3 May 2010 at 9:23, David W. McSpadden  wrote:

> Pretty Good Protection
> 
> To
> 
> Probably Great POS

I think you meant "Phormerly Great ..." ;-)

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/







RE: Symantec Acquires PGP

2010-05-03 Thread David W. McSpadden
Pretty Good Protection

To

Probably Great POS

-Original Message-
From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Monday, May 03, 2010 9:04 AM
To: NT System Admin Issues
Subject: RE: Symantec Acquires PGP

Don't know if it is better news or not, but Secure Computing was bought by
McAfee, not Symantec.

-Malcolm

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Friday, April 30, 2010 23:56
To: NT System Admin Issues
Subject: Re: Symantec Acquires PGP

On Thu, Apr 29, 2010 at 09:00, Jonathan Link 
wrote:
> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci15
> 2,00.html?track=NL-102&ad=763391&asrc=EM_NLN_11453454&uid=9835724
>
> FRAK!

I share that sentiment. They bought Secure Computing last year, which really
bummed me out, because I love my Sidewinders.

Kurt



RE: WTF? Fake AV

2010-04-28 Thread David W. McSpadden
Simply because they wanted to get their foot in the door in more places than
anyone else.  Simple security (no security) means everything just works.
No admin, no hassle.  Now we come to a different age and business and home
users are more mature with their pc's.  A more secure model needs to be in
place.  Simple economics and marketing beating out security.


-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, April 28, 2010 11:28 AM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

While it's a nice debate, there's really no way to prove which is better.
However, let me ask you this, Steven: If the Microsoft security model is so
good, why did it take them so long to make it harder to run as a local admin
by default?




-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, April 28, 2010 11:20 AM
To: NT System Admin Issues
Subject: RE: WTF? Fake AV

I'm not sure how you draw the conclusion that it probably wouldn't be as
bad.

I'd also suggest that there's a significant anti-MS sentiment that makes it
a specific target. Along with the fact that I suspect that gunning for the
#1 platform makes extrapolating OS share to virus infection target rate a
non-linear exercise.

-sc

> -Original Message-
> From: Carl Houseman [mailto:c.house...@gmail.com]
> Sent: Wednesday, April 28, 2010 11:13 AM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> I started to reply to that remark too, then I had a little debate with myself
> whether I could make a good point... given that Macs have had a non-admin
> user default for some time, while Microsoft did nothing to encourage users
> to not be admins until Vista.
>
> Certainly if the tables were turned and Macs had 92% of the worldwide
> market share, the infection rate of Macs would be much higher than we see
> today.  But it probably wouldn't be nearly as bad as Windows overall is today.
> 
> Carl
> 
> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Wednesday, April 28, 2010 11:00 AM
> To: NT System Admin Issues
> Subject: RE: WTF? Fake AV
> 
> > While I am not a huge fan of MACS, their security model is obviously
> > much better than Windows
> 
> I'd suggest that's an ill-drawn conclusion.
> 
> -sc
> 
> > -Original Message-
> > From: greg.swe...@actsconsulting.net
> > [mailto:greg.swe...@actsconsulting.net]
> > Sent: Wednesday, April 28, 2010 10:19 AM
> > To: NT System Admin Issues
> > Subject: RE: WTF? Fake AV
> >
> > Are there any reports out there that show Windows 7 running with UAC
> > that its minimizes the infections of spyware.
> > While I am not a huge fan of MACS, their security model is obviously
> > much better than Windows.  I am hoping that with Win 7 and their
> > requirement to run as admin similar to the Unix model that it will
> > help minimize this.  Even with users not in admin group in Windows XP,
> > Vista I have seen malware get right on and hose a machine.
> > Of course with Windows 7 if you make someone a local admin and disable
> > the UAC you are back to the XP model of security.
> >
> > Of all our support requests I would say 40% at least are malware
> > related probably higher..
> >
> > I see this as an OS security issue not a 3rd party program issue.
> >
> > Greg
> > -Original Message-
> > From: Tammy [mailto:copper...@personainternet.com]
> > Sent: Wednesday, April 28, 2010 10:11 AM
> > To: NT System Admin Issues
> > Subject: RE: WTF? Fake AV
> >
> > Everyone seems to be having these issues of the rogues slipping through.
> > Not just any one AV.
> > 70 thousand or so new ones released daily so it is difficult for
> > anyone to keep up.
> > More explained here by Eric Howes
> >
> > http://www.sunbeltsecuritynews.com/
> >
> > Regards,
> >
> > Tammy Stewart
> > Malware Removal Specialist
> > Sunbelt Software


RE: Officially Unemployed

2010-04-27 Thread David W. McSpadden
OT.
My cousin found her husband(Now ex)on there.  Looking for some 
Hope he found some because there isn't any at home anymore
:-)

-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org] 
Sent: Tuesday, April 27, 2010 2:16 PM
To: NT System Admin Issues
Subject: RE: Officially Unemployed

+1. All my gigs the past 7 years or so have come from Craigslist. There's
also a metasearch site for CL called searchtempest.com that lets you search
multiple locations with various criteria and display the results all on one
page...

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***  

> -Original Message-
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
> Sent: Tuesday, April 27, 2010 10:54 AM
> To: NT System Admin Issues
> Subject: Re: Officially Unemployed
> 
> Definitely open your eyes to CL.  You'd be surprised at what 
> gets posted there.
> 
> --
> ME2




RE: my apologies to all

2010-04-26 Thread David W. McSpadden
It's not just you Erik.  ME2 asked early if anyone else had seen it from
others and I have on a couple of other lists you are not on so it was just
your girlfriend's laptop that was affected.


-Original Message-
From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Monday, April 26, 2010 8:52 AM
To: NT System Admin Issues
Subject: my apologies to all

I was in North Carolina to attend a wedding, and forgot my laptop power
supply.  I logged into gmail from my girlfriend's computer ( it did have
Norton on it ) and within a minute a hundred or more of these spam messages
flew out using my account.

I immediately changed passwords and yanked Norton off her system and cleaned
it up, installed AVG and malwarebytes.

again my sincere apologies, and yes, embarrassing for me.

RE: Copier Hard Drives and sensitive data?

2010-04-26 Thread David W. McSpadden
If you trash the hard drive will it still function?
If it is leased will that null the agreement and cost you in the end?

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Sunday, April 25, 2010 11:00 PM
To: NT System Admin Issues
Subject: Re: Copier Hard Drives and sensitive data?

It's not FUD.

Copiers have hard drives, which often store things that users copy, or
use as document templates.

Trashing the hard drive before disposing of them is good practice,
especially if they're leased.

Kurt



On Fri, Apr 23, 2010 at 07:49, David Mazzaccaro
 wrote:
> This article is full of FUD.  Read the comments...
> Here's the link.. it was CBS...
> http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
>
> 
> From: David McSpadden [mailto:dav...@imcu.com]
> Sent: Friday, April 23, 2010 10:47 AM
> To: NT System Admin Issues
> Subject: Copier Hard Drives and sensitive data?
>
> Operations Officer comes to me this morning and asks if we wipe our copiers
> clean before we give them away or throw them away.
>
> I say we clean everything before we ever let it go out of our department but
> why are you asking about copiers.  He proceeds to tell me about a 20/20 or
> 60 minutes spot where some person bought 5 copiers and got all kinds of
> personal info from police departments and what not's because copiers have
> hard drives in them and they retain everything that is copied to them over
> time.
>
> So, is this true?
>
> If so is there a way to 'clean' them before reselling them or trashing them
> and still keeping them functional?


RE: Copier Hard Drives and sensitive data?

2010-04-23 Thread David W. McSpadden
Thanks.

I think these two should settle him down a little.

 

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] 
Sent: Friday, April 23, 2010 10:51 AM
To: NT System Admin Issues
Subject: RE: Copier Hard Drives and sensitive data?

 

FYI - Here is Xerox's response:

~~~

April 20, 2010 

 

Re:  Digital Photocopiers Loaded With Secrets - CBS News Story

 

Periodically stories focusing on digital copier or multifunctional product
security surface in the media.

 

Xerox has been at the forefront of the digital copier product security
movement that began in January 2000, when the Federal Government released an
instruction called NTISSP 11.  This instruction required agencies of the
Federal Government insure the secure functioning of network-connected
devices, even those that fell into the COTS (commercial, off-the-shelf)
classification.

 

An element of secure functionality is to actively remove any residual data.
Residual data is what remains behind in electronic memory or on disk drives
after any function (copy, print, scan, fax) has been completed.  Xerox
addressed that requirement first in 2001 with an optional feature called
'Disk Image Overwrite' that would 'scrub' the disk drives in accordance with
US Department of Defense specifications, the most stringent requirement at
that time.  That capability moved through most of our product portfolio
after 2001, and now is available in nearly every disk equipped product Xerox
offers.

 

At the end of 2006 Xerox made the decision to include the Disk Image
Overwrite option as a standard feature on most of the products in the Office
portfolio, and to allow installation of the option at no charge on the
products in customer sites that previously offered the option for a fee.

 

At the same time, Xerox also instituted a program allowing customers to
purchase disk drives, at an attractive price, from any Xerox product at the
end of lease or product removal.  The purpose of this program is two-fold:
to allow very high-security locations positive control of the disk drive,
and to provide a secure solution for earlier products that did not offer a
Disk Image Overwrite capability.

 

Selected Xerox products are submitted for an exhaustive security testing and
certification process, known as "The Common Criteria for Information
Technology Security Evaluation", or, in shorthand, "The Common Criteria".
The Common Criteria Mutual Recognition Arrangement is comprised of 26 member
nations that test and certify information technology products to common
security guidelines.

 

Xerox has enjoyed a competitive advantage for several years as the only MFP
vendor to certify the entire product, including all components and
functions.  Other vendors have certified only small parts of their products,
leaving untested potential vulnerabilities.  See
www.commoncriteriaportal.org for more information.

 

We have an active and informational security component of our public-facing
web presence.  Guidance is offered on this site for secure operation of
Xerox products.  See www.xerox.com/security

 

There is also a very active security-focused community of practice inside
Xerox addressing not just our product security, but security of our
transactional business and that of the Xerox infrastructure.  

 

In summary, Xerox is very well equipped to address any concerns that might
be generated by stories of this type, and has enjoyed a leadership role in
product security for the last 8 years or so.  We are striving to keep that
leadership position

 



 

From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] 
Sent: Friday, April 23, 2010 10:50 AM
To: NT System Admin Issues
Subject: RE: Copier Hard Drives and sensitive data?

This article is full of FUD.  Read the comments...

Here's the link.. it was CBS...

 
http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml 

 

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, April 23, 2010 10:47 AM
To: NT System Admin Issues
Subject: Copier Hard Drives and sensitive data?

Operations Officer comes to me this morning and asks if we wipe our copiers
clean before we give them away or throw them away.

I say we clean everything before we ever let it go out of our department but
why are you asking about copiers.  He proceeds to tell me about a 20/20 or
60 minutes spot where some person bought 5 copiers and got all kinds of
personal info from police departments and what not's because copiers have
hard drives in them and they retain everything that is copied to them over
time.  

 

So, is this true?

 

If so is there a way to 'clean' them before reselling them or trashing them
and still keeping them functional? 
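
The question above, and the "residual data" that Xerox's letter says Disk Image Overwrite scrubs, both come down to whether anything readable is left on the drive. As an added example (not part of this thread and not Xerox's tooling), this Python check scans a raw image of a removed copier drive for blocks that are not pure fill and for leftover document signatures. It assumes the drive was imaged to a file and that the final overwrite pass writes one repeating fill byte; the sample image is constructed.

```python
"""Check a raw disk image for data that survived an overwrite pass.

Assumptions (not from the thread): the drive was imaged to a raw file, and
the final overwrite pass writes one repeating fill byte.
"""
import io

BLOCK = 4096

# Signatures of file types a copier/MFP typically spools (scans, print jobs).
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\xff\xd8\xff": "jpeg",
    b"II*\x00": "tiff",
    b"MM\x00*": "tiff",
    b"\x89PNG\r\n\x1a\n": "png",
}
MAX_SIG = max(len(sig) for sig in SIGNATURES)


def scan_image(stream, fill=0x00, block=BLOCK):
    """Return (total_blocks, dirty_block_offsets, signature_hits)."""
    fill_byte = bytes([fill])
    dirty, hits = [], set()
    total = offset = 0
    tail = b""  # end of the previous block, so signatures spanning blocks are seen
    while True:
        chunk = stream.read(block)
        if not chunk:
            break
        total += 1
        if chunk.count(fill_byte) != len(chunk):
            dirty.append(offset)
        window = tail + chunk
        if window.count(fill_byte) != len(window):
            base = offset - len(tail)
            for sig, kind in SIGNATURES.items():
                pos = window.find(sig)
                while pos != -1:
                    hits.add((base + pos, kind))
                    pos = window.find(sig, pos + 1)
        tail = chunk[-(MAX_SIG - 1):]
        offset += len(chunk)
    return total, dirty, sorted(hits)


def verdict(stream, fill=0x00):
    """Summarise a scan: the image passes only if every block is pure fill."""
    total, dirty, hits = scan_image(stream, fill)
    return {
        "blocks": total,
        "dirty_blocks": len(dirty),
        "first_dirty_offsets": dirty[:5],
        "signatures": hits,
        "clean": not dirty,
    }


def build_sample_image():
    """Constructed test image: 8 zeroed blocks with two leftovers planted."""
    img = bytearray(BLOCK * 8)
    img[3 * BLOCK + 100:3 * BLOCK + 108] = b"%PDF-1.4"   # remnant of a scan job
    img[6 * BLOCK - 2:6 * BLOCK + 1] = b"\xff\xd8\xff"   # JPEG header across blocks 5/6
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    print(verdict(build_sample_image()))
    print(verdict(io.BytesIO(b"\x00" * BLOCK * 8)))
```

A clean result only covers the sectors the image contains; areas the drive does not expose to a normal read are outside what this check can see.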

 

 

 

 



RE: question on cat-6 and 480V together

2010-04-07 Thread David W. McSpadden
See I wasn't sure of the physics on it.  But what you are saying makes more
sense than that crap I was saying. 
Thanks

-Original Message-
From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Wednesday, April 07, 2010 8:30 AM
To: NT System Admin Issues
Subject: RE: question on cat-6 and 480V together

It's actually the opposite.

If at all possible, try to cross electrical cables, and signal cables
(including UTP) at right angles.

The magnetic lines of flux induce more signal noise on parallel
conductors than it does perpendicular conductors.

Now, a CAT 5/6 cable running on top of fluorescent fixtures... all bets
are probably off. The wiring and ballasts inside those could be oriented
all over the map.

-sc

> -Original Message-
> From: David W. McSpadden [mailto:dav...@imcu.com]
> Sent: Wednesday, April 07, 2010 8:26 AM
> To: NT System Admin Issues
> Subject: RE: question on cat-6 and 480V together
> 
> I thought the actually problem with electrical currents and network cable
> was (Pun intended) crossing the streams.  What I mean to say is that as long
> as you run the cables parallel to each other throughout the line the affect
> is very minimal with regards to depreciated signal strength but if you were
> to wrap one are the other or cross them the electric current would act as a
> magnetic and suck the signal out of the cable
> This is very tricky stuff you are wanting to try but I think that you could
> pull it off but test it first.  You may have to run your cable the full 18
> inches apart from electrical...
> 
> 
> -Original Message-
> From: Eldridge, Dave [mailto:d...@parkviewmc.com]
> Sent: Wednesday, April 07, 2010 8:18 AM
> To: NT System Admin Issues
> Subject: RE: question on cat-6 and 480V together
> 
> I know it's amazing it might just work fine. :) Lucky I do have an excellent
> cable guy that is also researching this. We will have shielded, outdoor rated
> cat6E with some sort of lightning protection. This will be extended thru
> May/June and this is Colorado. I will looking into separation even by a few
> inches.
> 
> -Original Message-
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Wednesday, April 07, 2010 6:12 AM
> To: NT System Admin Issues
> Subject: RE: question on cat-6 and 480V together
> 
> Not best practice, but how many of our cable installations actually are
> installed according to best practice? I've had to get on cabling contractors
> for laying cable directly on top of a 277v fluorescent fixture... *sigh* (I
> got a new cabling contractor!)
> 
> I've never tried what you're being asked to do, but here are my thoughts...
> 
> As for your specific situation, it may work just fine. Ideally you'd want to
> have them separated by at least several inches, if possible. I'd probably
> specify shielded Cat6, outdoor rated cable to be on the safe side. Also,
> there may be a specific cable type for suspended cable runs.
> Finally, I'd consider lightning protection on both ends once inside the
> building, in order to protect your equipment.
> 
> Jonathan L. Raper, MCSE
> 
> Sent from my Windows Mobile (r) enabled Smartphone. Please excuse
> brevity & any misspellings.
> 
> 
> From: Eldridge, Dave
> Sent: Wednesday, April 07, 2010 7:55 AM
> To: NT System Admin Issues
> Subject: OT: question on cat-6 and 480V together
> 
> I am being told that one of our MRI machines is temporarily moving to a
> trailer out on the street and they want to pull overhead a cat-6 and 3phase
> 480V together. Way out of my league. Anyone see any noise issues with
> these tied together? Anything else I'm missing?
> thanks

RE: question on cat-6 and 480V together

2010-04-07 Thread David W. McSpadden
I thought the actually problem with electrical currents and network cable
was (Pun intended) crossing the streams.  What I mean to say is that as long
as you run the cables parallel to each other throughout the line the affect
is very minimal with regards to depreciated signal strength but if you were
to wrap one are the other or cross them the electric current would act as a
magnetic and suck the signal out of the cable
This is very tricky stuff you are wanting to try but I think that you could
pull it off but test it first.  You may have to run your cable the full 18
inches apart from electrical...


-Original Message-
From: Eldridge, Dave [mailto:d...@parkviewmc.com] 
Sent: Wednesday, April 07, 2010 8:18 AM
To: NT System Admin Issues
Subject: RE: question on cat-6 and 480V together

I know it's amazing it might just work fine. :)
Lucky I do have an excellent cable guy that is also researching this. We
will have shielded, outdoor rated cat6E with some sort of lightning
protection. This will be extended thru May/June and this is Colorado. I
will looking into separation even by a few inches.

-Original Message-
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Wednesday, April 07, 2010 6:12 AM
To: NT System Admin Issues
Subject: RE: question on cat-6 and 480V together

Not best practice, but how many of our cable installations actually are
installed according to best practice? I've had to get on cabling
contractors for laying cable directly on top of a 277v fluorescent
fixture... *sigh* (I got a new cabling contractor!)

I've never tried what you're being asked to do, but here are my
thoughts...

As for your specific situation, it may work just fine. Ideally you'd
want to have them separated by at least several inches, if possible. I'd
probably specify shielded Cat6, outdoor rated cable to be on the safe
side. Also, there may be a specific cable type for suspended cable runs.
Finally, I'd consider lightning protection on both ends once inside the
building, in order to protect your equipment.

Jonathan L. Raper, MCSE

Sent from my Windows Mobile (r) enabled Smartphone. Please excuse
brevity & any misspellings.


From: Eldridge, Dave 
Sent: Wednesday, April 07, 2010 7:55 AM
To: NT System Admin Issues 
Subject: OT: question on cat-6 and 480V together

I am being told that one of our MRI machines is temporarily moving to a
trailer out on the street and they want to pull overhead a cat-6 and
3phase 480V together. Way out of my league. Anyone see any noise issues
with these tied together? Anything else I'm missing?
thanks


This e-mail contains the thoughts and opinions of the sender and does
not represent official Parkview Medical Center policy.

This communication is intended only for the recipient(s) named above,
may be confidential and/or legally privileged: and, must be treated as
such in accordance with state and federal laws. If you are not the
intended recipient, you are hereby notified that any use of this
communication, or any of its contents, is prohibited. If you have
received this communication in error, please return to sender and delete
the message from your computer system.






Any medical information contained in this electronic message is
CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to
view, copy, disclose, or disseminate CONFIDENTIAL information. This
electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s)
and/or entity named as recipients in the message. If you are not an
intended recipient of this message, please notify the sender immediately
and delete this material from your computer. Do not deliver, distribute
or copy this message, and do not disclose its contents or take any
action in reliance on the information that it contains.


RE: Windows 7 English 64-bit iso from microsoft.

2010-04-06 Thread David W. McSpadden
IE8.
I finally just downloaded it at home.
Here at work I can download 32-bit but the 64-bit fails to connect.
I worked with MS but they show that it works so it must be on my end.
I have an Ironport URL Filter device and an ASA Firewall.  I am sure one or
both of them is the culprit but I am just confused because of the 32-bit
download working??
Doesn't matter now though I have the iso image and I am beginning the
rebuild.
 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Monday, April 05, 2010 8:20 PM
To: NT System Admin Issues
Subject: Re: Windows 7 English 64-bit iso from microsoft.


What browser are you using? 


Are you using the download assistant tool?   I find it works best from IE
(or direct via Chrome)

-ASB: http://XeeSM.com/AndrewBaker



On Mon, Apr 5, 2010 at 9:22 AM, David W. McSpadden  wrote:


The product that fails is X15-71037

From: Martin Blackstone [mailto:mblackst...@gmail.com] 
Sent: Monday, April 05, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: Windows 7 English 64-bit iso from microsoft.



From where? e-Open? TechNet? MSDN??

 

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Monday, April 05, 2010 6:00 AM
To: NT System Admin Issues
Subject: Windows 7 English 64-bit iso from microsoft.

 

Can anybody get this to download from the Microsoft website.  I can get
32-bit 100% of the time but I want to test with 64-bit and the download
keeps failing.

I have a case open the Microsoft but they are not moving very quickly.  I am
wondering if it is me or the site??

Can anyone else get it to download?

RE: Windows 7 English 64-bit iso from microsoft.

2010-04-05 Thread David W. McSpadden
The product that fails is X15-71037

From: Martin Blackstone [mailto:mblackst...@gmail.com] 
Sent: Monday, April 05, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: Windows 7 English 64-bit iso from microsoft.



From where? e-Open? TechNet? MSDN??

 

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Monday, April 05, 2010 6:00 AM
To: NT System Admin Issues
Subject: Windows 7 English 64-bit iso from microsoft.

 

Can anybody get this to download from the Microsoft website.  I can get
32-bit 100% of the time but I want to test with 64-bit and the download
keeps failing.

I have a case open the Microsoft but they are not moving very quickly.  I am
wondering if it is me or the site??

Can anyone else get it to download?

RE: Windows 7 English 64-bit iso from microsoft.

2010-04-05 Thread David W. McSpadden
Martin,
Sorry having a Monday morning:
Volume Licensing Service Center
 
https://www.microsoft.com/licensing/servicecenter/Software/Product.aspx?d=/wEPBQIxNwUDNzUx

From: Martin Blackstone [mailto:mblackst...@gmail.com] 
Sent: Monday, April 05, 2010 9:03 AM
To: NT System Admin Issues
Subject: RE: Windows 7 English 64-bit iso from microsoft.



From where? e-Open? TechNet? MSDN??

 

 

From: David McSpadden [mailto:dav...@imcu.com] 
Sent: Monday, April 05, 2010 6:00 AM
To: NT System Admin Issues
Subject: Windows 7 English 64-bit iso from microsoft.

 

Can anybody get this to download from the Microsoft website.  I can get
32-bit 100% of the time but I want to test with 64-bit and the download
keeps failing.

I have a case open the Microsoft but they are not moving very quickly.  I am
wondering if it is me or the site??

Can anyone else get it to download?

Re: Migrating SMTP email to Exchange 2003

2010-03-30 Thread David W. McSpadden

Thanks.
I will continue to read and re-read as much as I can get my hands on.
Soon we are taking Cisco VOIP out of our Exchange and then I can upgrade to 
2007 or 2010 ...

Life is so much fun.

--
From: "Ben Scott" 
Sent: Monday, March 29, 2010 5:27 PM
To: "NT System Admin Issues" 
Subject: Re: Migrating SMTP email to Exchange 2003

On Mon, Mar 29, 2010 at 11:50 AM, David W. McSpadden wrote:

I have been given the green light to research bringing all mail in house
onto the Exchange 2003 server.


 And there was much rejoicing!

I have a Windows 2003 Active Directory domain.  I have an ASA firewall and
an Ironport for email.


 IronPort is a mail filtering appliance, right?  What does it do
currently?  What *can* it do?  If it has the features and the load
capacity, I would recommend having all your incoming *and* outgoing
mail go through the IronPort.  That helps you control and monitor mail
you send as well as receive.

-Globally change the smtp addresses for all users that already have external
accounts in Exchange to match.


 If you're not already using your Exchange server for other mail, I
would suggest modifying the recipient policy such that it
automatically generates an appropriate SMTP address as the Primary
address.  It generally doesn't hurt anything to have multiple systems
configured to generate mail with your "From" address.


-Add an mx record to point to an outward facing address such as
206.18.123.215
-Add a dns record for mail.imcu.com or pop.imcu.com and smtp.imcu.com?


 Close but not quite.  MX records take domain names (like
) on their RHS (Right Hand Side), not IP addresses.
So generally, you could create DNS records along these lines:

imcu.com. MX mail.imcu.com.
mail.imcu.com. A 206.18.123.215


-Add a route through the firewall to the ironport and a relay to the
exchange box. (incoming)


 Pretty much.  In more detail, to receive mail *from* other systems:

 You want the firewall to allow traffic with destination port TCP/25
to the IronPort.

 Is your inside network NAT'ed?  If so, you also need the firewall
configured to do
port-forwarding/NAT/PAT/one-to-one-static-NAT/whatever-your-vendor-calls-it
between the public address and the IronPort.

 The IronPort should be configured to accept mail addressed *to* your
domain(s), and to forward that mail to your Exchange server.  You
generally cannot rely on DNS to tell your IronPort this, because DNS
will be telling your IronPort to deliver your mail to itself.

 You want your Exchange server configured to accept mail addressed
*to* your domain(s).  That's done with recipient policies, mentioned
above.

-Add a smtp route from exchange to the ironport and relay to the internet.
(outgoing)


 Again, that's the gist of it.  In detail, to send mail *to* other systems:


 You want the firewall configured to allow traffic with destination
port TCP/25 to any outside host, from either the IronPort or the
Exchange server.  (I recommend both even if you decide to have
Exchange relay outgoing mail through the IronPort.  If the IronPort
ever has trouble, you can reconfigure Exchange to bypass and send
direct.)

 You want the IronPort configured to relay mail from the Exchange
server to any outside system.  If you have other hosts which send
mail, add them, too.

 You want the Exchange server configured to relay all outgoing mail
through the IronPort.  This can be done just by designating the
IronPort as the "SMTP smart host".  You don't *need* an SMTP connector
for this.  If you create an SMTP connector (it won't hurt), then
configure it with a mail route to the IronPort, as you say.

 Eventually, you want most computers on your LAN to be denied if they
attempt to relay mail directly through the IronPort.  That would
indicate they are bypassing Exchange, which most of the time will be a
rogue system set-up without IT department knowledge, or a computer
compromised by malware to be a spam zombie.

-Import all Outlook Express mail into Exchange and then delete all mail from
the outlook express clients and remove the mailboxes from there.


 You may want to do the migration in stages.

 First, get the Exchange server configured to *send* mail.  You can
test that yourself by creating test accounts, logging in to other
users' PCs, etc.  Exchange won't know about any of the other mail
going on, but you can make sure it can send.

 Once you're sure that's working, migrate people from Outlook
Express/Win Mail/etc. to Outlook proper, but still configured to POP
mail from your current mail host.  That changes the client software,
and the mail storage and sending, but keeps mail coming in the old
way.  The advantage here is that you can back out an individual
client, or put the whole project on hold, without really disrupting
anything.  Since this is the big change in user experience, that's a
goo

Migrating SMTP email to Exchange 2003

2010-03-29 Thread David W. McSpadden
I am cross posting to the Exchange list as well.

I have an Exchange server (2003) that is basically underused.  (Internal mail 
only and some calendaring.)
I have a third party hosting my external mail (MailAnyone.net).

I have been given the green light to research bringing all mail in house onto 
the Exchange 2003 server.

I have a Windows 2003 Active Directory domain.  I have an ASA firewall and an 
Ironport for email.
I think to host I would need to do several of these things but I am not sure 
and I am not sure of the order.

-Globally change the smtp addresses for all users that already have external 
accounts in Exchange to match.
-Add an mx record to point to an outward facing address such as 206.18.123.215
-Add a dns record for mail.imcu.com or pop.imcu.com and smtp.imcu.com?
-Add a route through the firewall to the ironport and a relay to the exchange 
box. (incoming)
-Add a smtp route from exchange to the ironport and relay to the internet. 
(outgoing)
-Import all Outlook Express mail into Exchange and then delete all mail from the 
outlook express clients and remove the mailboxes from there.
-Add a spf record to the 206.18.123.215.

I know I am missing a lot and I need to verify that the mail that was going to 
the mailanyone and still be retrieved until we are sure all the mailboxes and 
distribution lists are working???


Sidenote my OWA stopped working a while back.  Nobody used it but me but if we 
go to this I will need to have it up and running.  Where do I look to find out 
why it has stopped.
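
Ben Scott's reply in this thread says the IronPort should accept mail addressed to the local domain, relay outbound mail only for the Exchange server, and treat any other LAN host that tries to relay as a rogue system or a spam zombie. That policy as a check over gateway connection records, as an added example (not from the thread, and not IronPort's log format): the LAN range, the Exchange address and the record layout are assumptions, and the log lines are constructed.

```python
"""Relay policy for a mail gateway in front of a single Exchange server."""
import ipaddress
from collections import Counter

# Assumed values for illustration; only the domain name appears in the thread.
LOCAL_DOMAINS = {"imcu.com"}
LAN = ipaddress.ip_network("10.0.0.0/24")             # hypothetical inside network
ALLOWED_RELAYS = {ipaddress.ip_address("10.0.0.10")}  # hypothetical Exchange server

# Constructed gateway records: "<time> client=<ip> rcpt=<address>"
SAMPLE_LOG = """\
09:00:01 client=198.51.100.7 rcpt=dave@imcu.com
09:00:05 client=10.0.0.10 rcpt=someone@example.org
09:01:10 client=10.0.0.57 rcpt=a@example.net
09:01:10 client=10.0.0.57 rcpt=b@example.net
09:01:11 client=10.0.0.57 rcpt=c@example.com
09:02:30 client=203.0.113.9 rcpt=victim@example.org
09:02:45 client=10.0.0.23 rcpt=vendor@example.org
09:03:00 client=10.0.0.88 rcpt=dave@imcu.com
malformed line without fields
"""


def classify(client_ip, rcpt):
    """Decide what one SMTP transaction is under the policy in the thread."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "inbound"             # mail for our domain: accept, hand to Exchange
    if ip in ALLOWED_RELAYS:
        return "relay-ok"            # Exchange sending out through the gateway
    if ip in LAN:
        return "lan-bypass"          # inside host relaying around Exchange
    return "open-relay-attempt"      # outside host asking us to relay: reject


def parse_line(line):
    """Return (client_ip, rcpt) or None if the record is unusable."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    client, rcpt = fields.get("client"), fields.get("rcpt")
    if not client or not rcpt or "@" not in rcpt:
        return None
    try:
        ipaddress.ip_address(client)
    except ValueError:
        return None
    return client, rcpt


def lan_bypass_report(log_text, burst_threshold=3):
    """Count relay attempts per LAN host that is not an allowed relay.

    Returns ({ip: (attempts, "burst" | "single")}, skipped_line_count).
    A burst looks like a spam zombie; a single attempt is more likely a
    device someone configured without telling IT.
    """
    attempts = Counter()
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        client, rcpt = parsed
        if classify(client, rcpt) == "lan-bypass":
            attempts[client] += 1
    findings = {
        ip: (n, "burst" if n >= burst_threshold else "single")
        for ip, n in attempts.items()
    }
    return findings, skipped


if __name__ == "__main__":
    print(lan_bypass_report(SAMPLE_LOG))
```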




Re: Windows 7 home network

2010-03-24 Thread David W. McSpadden
Beautiful. Thanks


From: Rod Trent 
Sent: Wednesday, March 24, 2010 2:08 PM
To: NT System Admin Issues 
Subject: RE: Windows 7 home network


http://www.howtogeek.com/howto/windows-7/share-files-and-printers-between-windows-7-and-xp/
 

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, March 24, 2010 2:04 PM
To: NT System Admin Issues
Subject: Windows 7 home network

 

My dad got a new Windows 7 home and he can see everything on the home network.  
But his xp pro can not see the Windows 7 on the home network.

What do I need to look at?

 

 


 


Windows 7 home network

2010-03-24 Thread David W. McSpadden
My dad got a new Windows 7 home and he can see everything on the home network.  
But his xp pro can not see the Windows 7 on the home network.
What do I need to look at?

Re: 1gbps+ traffic?

2010-03-18 Thread David W. McSpadden
Actually not joking.
100mbps is all I have been able to fathom to the Internet
I know there are bigger but I actually thought above 100 they went away from 
copper to fiber.
I just can not fathom that kind of speed and monthly bill


From: Jonathan Link 
Sent: Thursday, March 18, 2010 9:22 AM
To: NT System Admin Issues 
Subject: Re: 1gbps+ traffic?


D'oh!


On Thu, Mar 18, 2010 at 9:19 AM, Steven M. Caesare  wrote:

  I'm not sure if you are joking or not...

  It's not ludicrous for a LAN/WAN, of course... but that's a reasonably beefy 
uplink to the Net, which is what Mark asked about.

  I believe NIH here has an uplink in that speed range, but I don't touch it 
directly.



  -sc





  From: David W. McSpadden [mailto:dav...@imcu.com] 
  Sent: Thursday, March 18, 2010 9:15 AM 


  To: NT System Admin Issues
  Subject: Re: 1gbps+ traffic?




  Isn't that fiber??

  My God man with that is ludicrous speed!!



  From: Steven M. Caesare 

  Sent: Thursday, March 18, 2010 9:02 AM

  To: NT System Admin Issues 

  Subject: RE: 1gbps+ traffic?



  Gents... he said 1gbpS.

  That's a rate... not an amount.

  I don't have any direct experience with uplinks in that strata...



  -sc



  From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
  Sent: Thursday, March 18, 2010 8:47 AM
  To: NT System Admin Issues
  Subject: Re: 1gbps+ traffic?



  My nightly offsite backup is ~1 Gb, a little bit less some nights, a little 
bit more.  I haven't had time to shrink it yet.

  On Wed, Mar 17, 2010 at 8:22 PM, Sam Cayze  wrote:

  Over what period of time?

  Or do you mean a 1Gbps pipe?


  -Original Message-
  From: Marc Maiffret [mailto:marc.maiff...@fireeye.com]
  Sent: Wednesday, March 17, 2010 6:45 PM
  To: NT System Admin Issues
  Subject: 1gbps+ traffic?

  I am curious to talk to any folks on this list whom are peaking over
  1gig in bandwidth usage to the internet etc... Reply to me directly if
  you can. Thanks! -Marc

  Marc Maiffret
  Chief Security Architect
  FireEye, Inc.
  http://www.FireEye.com

  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~





 

 

 


 






 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: 1gbps+ traffic?

2010-03-18 Thread David W. McSpadden
Isn't that fiber??
My God man with that is ludicrous speed!!


From: Steven M. Caesare 
Sent: Thursday, March 18, 2010 9:02 AM
To: NT System Admin Issues 
Subject: RE: 1gbps+ traffic?


Gents. he said 1gbpS.

 

That's a rate. not an amount.

 

I don't' have any direct experience with uplinks in that strata.

 

-sc

 

From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Thursday, March 18, 2010 8:47 AM
To: NT System Admin Issues
Subject: Re: 1gbps+ traffic?

 

My nightly offsite backup is ~1 Gb, a little bit less some nights, a little bit 
more.  I haven't had time to shrink it yet.

On Wed, Mar 17, 2010 at 8:22 PM, Sam Cayze  wrote:

Over what period of time?

Or do you mean a 1Gbps pipe?


-Original Message-
From: Marc Maiffret [mailto:marc.maiff...@fireeye.com]
Sent: Wednesday, March 17, 2010 6:45 PM
To: NT System Admin Issues
Subject: 1gbps+ traffic?

I am curious to talk to any folks on this list whom are peaking over
1gig in bandwidth usage to the internet etc... Reply to me directly if
you can. Thanks! -Marc

Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.FireEye.com


Disable MailEssentials except the disclaimer piece

2010-03-12 Thread David W. McSpadden



We are looking at the Disclaimer piece only. How do I install the 
MailEssentials and disable everything right off the bat?? 





Re: DNS Server service shuts down shortly after the DC boots

2010-03-11 Thread David W. McSpadden
Playing with my wget now.



From: Tim Evans 
Sent: Thursday, March 11, 2010 10:20 AM
To: NT System Admin Issues 
Subject: RE: DNS Server service shuts down shortly after the DC boots


http://en.wikipedia.org/wiki/Wget

 

Curl would work too: http://en.wikipedia.org/wiki/CURL

 

...Tim

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Thursday, March 11, 2010 6:54 AM
To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

 

what is the wget

 

From: Richard Stovall 

Sent: Wednesday, March 10, 2010 4:05 PM

To: NT System Admin Issues 

Subject: Re: DNS Server service shuts down shortly after the DC boots

 

I just set this up on a sandboxed test VM and it was effective.  I had to 
chuckle, though, because it took over an hour to create the zones.  This VM is 
also a DC for a 5 machine domain and the ntds.dit file went from around 38MB to 
106MB.

On Tue, Mar 9, 2010 at 4:41 PM, Tim Evans  wrote:

I run this batch file:

** begin batch file *

@echo off
set server=mydnsserver
set /p delold=Delete old domains? 
if /I "%delold%" NEQ "Y" goto getit
echo Deleting old domains...
pause
rem remove every zone that was loaded from the previous list
for /F %%f in (mal_list.txt) do dnscmd %server% /zonedelete %%f /dsdel /f

:getit
if exist domains.txt del domains.txt
wget http://www.malwaredomains.com/files/domains.txt || goto end
if exist mal_list.txt del mal_list.txt
rem ignore lines beginning with # & echo 1st word only
for /F "eol=# tokens=1 " %%i in (domains.txt) do @echo %%i >>mal_list.txt
rem create an AD-integrated zone per domain, then a wildcard A record to the block page
for /F %%f in (mal_list.txt) do (dnscmd %server% /zoneadd %%f /DsPrimary /DP /forest && dnscmd %server% /recordadd %%f * A 192.168.0.6)

:end

** end batch file *

 

This adds a wildcard zone for each domain which points to an internal web 
server at 192.168.0.6. It displays a "web site blocked due to malware" page 
whenever anyone hits it. I go thru the logs regularly and investigate any host 
on that server. It's a bit crude in that it just attempts to add all the 
domains each time it is run, but it works for me. Occasionally, they delete a 
bunch of domains and I couldn't figure out a better way to handle it, so if I 
answer Y to the prompt, it deletes all domains and readds them from the 
downloaded list. 

 

...Tim

 

From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Tuesday, March 09, 2010 1:13 PM


To: NT System Admin Issues

Subject: Re: DNS Server service shuts down shortly after the DC boots 

 

Very intriguing.

 

How do you accomplish the loading of the domain list?  Using a boot file per 
the directions here: http://www.malwaredomains.com/wordpress/?page_id=6#MS?  Do 
you refresh the list manually every once and a while?

 

Thanks,
RS

On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans  wrote:

FWIW, I load the entire domain list from http://www.malwaredomains.com/ into my 
AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.

 

...Tim

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Tuesday, March 09, 2010 11:53 AM


To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

It appears that background zone loading is a feature of 2008 and later... maybe 
I just need to hurry up the upgrade to 2008.

 

Carl

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

Oh! Yes, now that you say that..

 

I bet what's happening is that it's timing out.

 

There is a flag (and I'm sorry that I don't remember the details) that says "do 
the initial zone load in the background". You probably need to set that. That 
should be enough to biggle with.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Carl Houseman [mailto:c.house...@gmail.com] 
Sent: Tuesday, March 09, 2010 2:40 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

"Debug logging" will log DNS packets to a text file.  I guess the last DNS 
packet received before the shutdown could tell me something if it was shutting 
down randomly at any time.   But the fact that the service stays running 
forever after restarting suggests that bad DNS packets on the wire aren't 
likely causing this.  So if bad DNS traffic is the problem, the only 
explanation would be a DNS query from the DC to itself.   DC DOS's its own DNS 
server service?

 

One thing I may have that is less common is a lot of DNS authoritative zones 
for well known bad (malware hosting) domain names.  There's over 1000 of 'em.

 

I have to say I'm not up for an exte

Re: DNS Server service shuts down shortly after the DC boots

2010-03-11 Thread David W. McSpadden
what is the wget


From: Richard Stovall 
Sent: Wednesday, March 10, 2010 4:05 PM
To: NT System Admin Issues 
Subject: Re: DNS Server service shuts down shortly after the DC boots


I just set this up on a sandboxed test VM and it was effective.  I had to 
chuckle, though, because it took over an hour to create the zones.  This VM is 
also a DC for a 5 machine domain and the ntds.dit file went from around 38MB to 
106MB.


On Tue, Mar 9, 2010 at 4:41 PM, Tim Evans  wrote:

  I run this batch file:

  ** begin batch file *

  @echo off
  set server=mydnsserver
  set /p delold=Delete old domains? 
  if /I "%delold%" NEQ "Y" goto getit
  echo Deleting old domains...
  pause
  rem remove every zone that was loaded from the previous list
  for /F %%f in (mal_list.txt) do dnscmd %server% /zonedelete %%f /dsdel /f

  :getit
  if exist domains.txt del domains.txt
  wget http://www.malwaredomains.com/files/domains.txt || goto end
  if exist mal_list.txt del mal_list.txt
  rem ignore lines beginning with # & echo 1st word only
  for /F "eol=# tokens=1 " %%i in (domains.txt) do @echo %%i >>mal_list.txt
  rem create an AD-integrated zone per domain, then a wildcard A record to the block page
  for /F %%f in (mal_list.txt) do (dnscmd %server% /zoneadd %%f /DsPrimary /DP /forest && dnscmd %server% /recordadd %%f * A 192.168.0.6)

  :end

  ** end batch file *



  This adds a wildcard zone for each domain which points to an internal web 
server at 192.168.0.6. It displays a "web site blocked due to malware" page 
whenever anyone hits it. I go thru the logs regularly and investigate any host 
on that server. It's a bit crude in that it just attempts to add all the 
domains each time it is run, but it works for me. Occasionally, they delete a 
bunch of domains and I couldn't figure out a better way to handle it, so if I 
answer Y to the prompt, it deletes all domains and readds them from the 
downloaded list. 



  ...Tim



  From: Richard Stovall [mailto:rich...@gmail.com] 
  Sent: Tuesday, March 09, 2010 1:13 PM


  To: NT System Admin Issues

  Subject: Re: DNS Server service shuts down shortly after the DC boots 



  Very intriguing.



  How do you accomplish the loading of the domain list?  Using a boot file per 
the directions here: http://www.malwaredomains.com/wordpress/?page_id=6#MS?  Do 
you refresh the list manually every once and a while?



  Thanks,
  RS

  On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans  wrote:

  FWIW, I load the entire domain list from http://www.malwaredomains.com/ into 
my AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.



  ...Tim



  From: Carl Houseman [mailto:c.house...@gmail.com] 
  Sent: Tuesday, March 09, 2010 11:53 AM


  To: NT System Admin Issues
  Subject: RE: DNS Server service shuts down shortly after the DC boots



  It appears that background zone loading is a feature of 2008 and later... 
maybe I just need to hurry up the upgrade to 2008.



  Carl



  From: Michael B. Smith [mailto:mich...@smithcons.com] 
  Sent: Tuesday, March 09, 2010 2:44 PM
  To: NT System Admin Issues
  Subject: RE: DNS Server service shuts down shortly after the DC boots



  Oh! Yes, now that you say that….



  I bet what’s happening is that it’s timing out.



  There is a flag (and I’m sorry that I don’t remember the details) that says 
“do the initial zone load in the background”. You probably need to set that. 
That should be enough to biggle with…



  Regards,



  Michael B. Smith

  Consultant and Exchange MVP

  http://TheEssentialExchange.com



  From: Carl Houseman [mailto:c.house...@gmail.com] 
  Sent: Tuesday, March 09, 2010 2:40 PM
  To: NT System Admin Issues
  Subject: RE: DNS Server service shuts down shortly after the DC boots



  "Debug logging" will log DNS packets to a text file.  I guess the last DNS 
packet received before the shutdown could tell me something if it was shutting 
down randomly at any time.   But the fact that the service stays running 
forever after restarting suggests that bad DNS packets on the wire aren't 
likely causing this.  So if bad DNS traffic is the problem, the only 
explanation would be a DNS query from the DC to itself.   DC DOS's its own DNS 
server service?



  One thing I may have that is less common is a lot of DNS authoritative zones 
for well known bad (malware hosting) domain names.  There's over 1000 of 'em.



  I have to say I'm not up for an extended debugging journey on this one, just 
wondering if this behavior triggered any memories for anyone.



  Carl



  From: Brian Desmond [mailto:br...@briandesmond.com] 
  Sent: Tuesday, March 09, 2010 1:53 PM
  To: NT System Admin Issues
  Subject: RE: DNS Server service shuts down shortly after the DC boots



  It should be able to kick out more info to a text file.



  The scenario you mention of branch DCs not having connectivity is completely 
normal. 



  Thanks,

  Brian Desmond

  br...@briandesmond.com



  c – 312.731.3132



  From: Carl 
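
Added example (not part of the thread and not Tim Evans's script): one way to handle the list churn described above is to diff the previously loaded domains against the new download and emit only the needed dnscmd lines for review. It also drops entries that are not plain multi-label hostnames or that overlap a protected namespace, since an authoritative zone for a name such as "com" or your own domain would blackhole it; PROTECTED_ZONES, the sample lists and the function names are assumptions.

```python
import re

# Placeholders taken from the batch file in the thread.
DNS_SERVER = "mydnsserver"
SINKHOLE_IP = "192.168.0.6"
# Assumption: namespaces that must never be sinkholed (your AD/DNS domains).
PROTECTED_ZONES = {"example.local"}

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_safe_domain(name, protected=PROTECTED_ZONES):
    """True for a valid multi-label hostname that does not touch a protected zone."""
    if len(name) > 253 or "." not in name:
        return False  # a bare label such as "com" would shadow a whole TLD
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        return False
    for zone in protected:
        # reject the zone itself, any parent of it, and any child of it
        if name == zone or zone.endswith("." + name) or name.endswith("." + zone):
            return False
    return True


def parse_blocklist(text, protected=PROTECTED_ZONES):
    """Mimic 'for /F "eol=# tokens=1"': skip # lines, keep the first word.

    Returns (accepted_set, rejected_list_in_file_order).
    """
    accepted, rejected = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name = line.split()[0].lower().rstrip(".")
        if is_safe_domain(name, protected):
            accepted.add(name)
        else:
            rejected.append(name)
    return accepted, rejected


def plan_update(current_zones, new_list_text,
                server=DNS_SERVER, sinkhole=SINKHOLE_IP):
    """Return (dnscmd_lines, rejected) needed to move from the old list to the new one."""
    wanted, rejected = parse_blocklist(new_list_text)
    # Only zones that pass validation are ever eligible for deletion, so a
    # stray protected name in the old list cannot produce a /zonedelete.
    current = set()
    for zone in current_zones:
        zone = zone.strip().lower()
        if zone and is_safe_domain(zone):
            current.add(zone)
    commands = []
    for zone in sorted(current - wanted):
        commands.append(f"dnscmd {server} /zonedelete {zone} /dsdel /f")
    for zone in sorted(wanted - current):
        commands.append(f"dnscmd {server} /zoneadd {zone} /DsPrimary /DP /forest")
        commands.append(f"dnscmd {server} /recordadd {zone} * A {sinkhole}")
    return commands, rejected


# Constructed sample data (not real blocklist content).
SAMPLE_OLD = ["bad-one.example", "gone-away.example"]
SAMPLE_NEW = """\
# constructed sample, one domain per line
bad-one.example
new-threat.example   extra-field-ignored
com
example.local
under_score.example
"""

if __name__ == "__main__":
    cmds, skipped = plan_update(SAMPLE_OLD, SAMPLE_NEW)
    print("\n".join(cmds))
    print("skipped:", skipped)
```

Review the emitted lines and the skipped list before running anything against a production DNS server.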

Re: restrict internet access to three websites

2010-03-10 Thread David W. McSpadden
No dunce cap needed I was actually stating it as a question.  


From: Andrew Levicki 
Sent: Wednesday, March 10, 2010 8:06 AM
To: NT System Admin Issues 
Subject: Re: restrict internet access to three websites


Apologies, David, yes, good point well made. My dunce's cap is well and truly 
in place.


On 10 March 2010 22:01, David W. McSpadden  wrote:

  The idea is not to give them a DNS settings on the TCP/IP stack and only give 
them a hosts file.
  this should limit what the computer 'knows' about on the Internet.


  From: Andrew Levicki 
  Sent: Wednesday, March 10, 2010 7:50 AM
  To: NT System Admin Issues 
  Subject: Re: restrict internet access to three websites


  Hi Thomas / Shane, 


  Sorry if I've missed something, but creating entries in the hosts file alone 
isn't going to restrict these PCs to just these three websites. Is there 
another prong to your attack, so to speak?


  Thanks,


  Andrew


  On 10 March 2010 07:13, Thomas Mullins  wrote:

Hello all,



I have a customer that wants to restrict internet access to only three 
websites.  The machines have Vista Home edition on them.  One of the websites 
is an https site, so we cannot use the built in Parental Controls settings.  



The main office has a Cisco ASA 5505, so no problem there.  I will just 
give the machine a static IP address, and use the ASA to restrict that IP to 
only the three approved websites.  However, the other sites do not have an ASA. 
 I am not sure what router they have (and will not know until I go onsite), but 
I am sure it is a low end unit.  I was thinking of using a hosts file to 
resolve DNS names to actual internet addresses.  



Any better ideas?



Thanks

Shane






 



  -- 
  Kind regards,

  Andrew Levicki MCITP MCSE CCNA
  and...@levicki.me.uk
  www.andrewlevicki.eu




 



 




-- 
Kind regards,

Andrew Levicki MCITP MCSE CCNA
and...@levicki.me.uk
www.andrewlevicki.eu




 


Re: restrict internet access to three websites

2010-03-10 Thread David W. McSpadden
The idea is not to give them a DNS settings on the TCP/IP stack and only give 
them a hosts file.
this should limit what the computer 'knows' about on the Internet.


From: Andrew Levicki 
Sent: Wednesday, March 10, 2010 7:50 AM
To: NT System Admin Issues 
Subject: Re: restrict internet access to three websites


Hi Thomas / Shane, 


Sorry if I've missed something, but creating entries in the hosts file alone 
isn't going to restrict these PCs to just these three websites. Is there 
another prong to your attack, so to speak?


Thanks,


Andrew


On 10 March 2010 07:13, Thomas Mullins  wrote:

  Hello all,



  I have a customer that wants to restrict internet access to only three 
websites.  The machines have Vista Home edition on them.  One of the websites 
is an https site, so we cannot use the built in Parental Controls settings.  



  The main office has a Cisco ASA 5505, so no problem there.  I will just give 
the machine a static IP address, and use the ASA to restrict that IP to only 
the three approved websites.  However, the other sites do not have an ASA.  I 
am not sure what router they have (and will not know until I go onsite), but I 
am sure it is a low end unit.  I was thinking of using a hosts file to resolve 
DNS names to actual internet addresses.  



  Any better ideas?



  Thanks

  Shane






 



-- 
Kind regards,

Andrew Levicki MCITP MCSE CCNA
and...@levicki.me.uk
www.andrewlevicki.eu




 


Re: restrict internet access to three websites

2010-03-10 Thread David W. McSpadden
OpenDNS can be set that way but they could put in proxies I think where the 
hosts file will be resolved with or without a proxy
More a question than a statement.


From: Jon Harris 
Sent: Tuesday, March 09, 2010 5:28 PM
To: NT System Admin Issues 
Subject: Re: restrict internet access to three websites


Maybe out of my mind but what about OpenDNS and only allow it to know about 
just those three site. Do not allow it to do any lookups maybe Microsoft DNS 
could do this but I would not set it up that way.

Jon


On Tue, Mar 9, 2010 at 5:13 PM, Thomas Mullins  wrote:

  Hello all,



  I have a customer that wants to restrict internet access to only three 
websites.  The machines have Vista Home edition on them.  One of the websites 
is an https site, so we cannot use the built in Parental Controls settings.  



  The main office has a Cisco ASA 5505, so no problem there.  I will just give 
the machine a static IP address, and use the ASA to restrict that IP to only 
the three approved websites.  However, the other sites do not have an ASA.  I 
am not sure what router they have (and will not know until I go onsite), but I 
am sure it is a low end unit.  I was thinking of using a hosts file to resolve 
DNS names to actual internet addresses.  



  Any better ideas?



  Thanks

  Shane






 






 


Re: restrict internet access to three websites

2010-03-10 Thread David W. McSpadden
Hosts is the plainest way to do it.



From: Thomas Mullins 
Sent: Tuesday, March 09, 2010 5:13 PM
To: NT System Admin Issues 
Subject: restrict internet access to three websites


Hello all,

 

I have a customer that wants to restrict internet access to only three 
websites.  The machines have Vista Home edition on them.  One of the websites 
is an https site, so we cannot use the built in Parental Controls settings.  

 

The main office has a Cisco ASA 5505, so no problem there.  I will just give 
the machine a static IP address, and use the ASA to restrict that IP to only 
the three approved websites.  However, the other sites do not have an ASA.  I 
am not sure what router they have (and will not know until I go onsite), but I 
am sure it is a low end unit.  I was thinking of using a hosts file to resolve 
DNS names to actual internet addresses.  

 

Any better ideas?

 

Thanks

Shane

 




 


Re: Ironport

2010-03-05 Thread David W. McSpadden
It is the second.
Is there a way to set my internal DNS to point the smtp and pop to the 
Ironport??  The Ironport does not use the internal DNS so it would not be 
affected and I already have an imcu.com zone built???



From: Kevin Lundy 
Sent: Friday, March 05, 2010 8:14 AM
To: NT System Admin Issues 
Subject: Re: Ironport


Is smtp.imcu.com your email provider or is that your internal host?

If email provider: change your clients to use ironport for SMTP, and set the 
smarthost on the IronPort to be smtp.imcu.com  Set the IronPort to allow your 
clients to relay.

If it is your internal host, what Brian described is the answer.


On Fri, Mar 5, 2010 at 7:52 AM, David W. McSpadden  wrote:

  Currently all users using outlook express and point to smtp.imcu.com and 
pop.imcu.com.



  From: Brian Desmond 
  Sent: Thursday, March 04, 2010 8:29 PM
  To: NT System Admin Issues 
  Subject: RE: Ironport


  Set the smarthost on the existing SMTP server to be IronPort, set the 
smarthost on IronPort to be the ISP.



  Thanks,

  Brian Desmond

  br...@briandesmond.com



  c – 312.731.3132



  From: David W. McSpadden [mailto:dav...@imcu.com] 
  Sent: Thursday, March 04, 2010 2:05 PM
  To: NT System Admin Issues
  Subject: Ironport



  I want all my users pop/smtp mail to be forwarded through my Ironport device 
then send on to my ISP/email provider.

  Anyone have any ideas?



 


 



 








 


Re: Ironport

2010-03-05 Thread David W. McSpadden
Currently all users using outlook express and point to smtp.imcu.com and 
pop.imcu.com.



From: Brian Desmond 
Sent: Thursday, March 04, 2010 8:29 PM
To: NT System Admin Issues 
Subject: RE: Ironport


Set the smarthost on the existing SMTP server to be IronPort, set the smarthost 
on IronPort to be the ISP.

 

Thanks,

Brian Desmond

br...@briandesmond.com

 

c - 312.731.3132

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Thursday, March 04, 2010 2:05 PM
To: NT System Admin Issues
Subject: Ironport

 

I want all my users pop/smtp mail to be forwarded through my Ironport device 
then send on to my ISP/email provider.

Anyone have any ideas?

 

 


 


Ironport

2010-03-04 Thread David W. McSpadden
I want all my users pop/smtp mail to be forwarded through my Ironport device 
then send on to my ISP/email provider.
Anyone have any ideas?

Re: ID10T

2010-03-04 Thread David W. McSpadden
Are they part of a system path?
Environment variable for path?



From: Sean Rector 
Sent: Thursday, March 04, 2010 12:20 PM
To: NT System Admin Issues 
Subject: RE: ID10T


I've run into this when deleting orphaned Windows Update folders.  I had to 
take ownership to be able to delete them.

 

Sean Rector, MCSE

 

From: David Lum [mailto:david@nwea.org] 
Sent: Thursday, March 04, 2010 12:11 PM
To: NT System Admin Issues
Subject: ID10T

 

Server2008.I can't delete specific folders under C:\Program Files "permission 
denied". What's the trick? I even dropped to the command prompt using "Run as 
Administrator" and tried DEL there..no worky.

 

Someone LGMTFY?

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 

 

 Information Technology Manager
Virginia Opera Association 


E-Mail: sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)




 


Re: Ghosting server 2003

2010-02-26 Thread David W. McSpadden
Is the VMware free?


From: Sam Cayze 
Sent: Friday, February 26, 2010 10:33 AM
To: NT System Admin Issues 
Subject: RE: Ghosting server 2003


I gave up on Ghost since they don't (Or at least didn't at time) support 
Windows 7.

I moved to ImageX from MS.   And do cloning/sysprep/converting with VMware.



----
From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Friday, February 26, 2010 9:08 AM
To: NT System Admin Issues
Subject: Ghosting server 2003


What/if any software does everyone use to Ghost Windows Server 2003 Standard??




 



 


Re: Ghosting server 2003

2010-02-26 Thread David W. McSpadden
Sorry, I should have given a little more back ground.
I have 6 branch servers that have 2000 on them and need replacing.
I have a need to get them out the door quickly.  I thought if I built them 
generically and sysprepped the first one I could then ghost the other five and 
then individualize them for the branch location they were going to.
They are simple file/print share servers with IIS and DHCP added after the 
ghost???
So I am still confused about the VM stuff, but your post gives me a direction.  
Thanks.


From: James Rankin 
Sent: Friday, February 26, 2010 10:30 AM
To: NT System Admin Issues 
Subject: Re: Ghosting server 2003


You can P2V with VMWare Converter if the original is a physical

or just use the cloning option in VirtualCenter/VSphere if you are cloning a 
virtual system


On 26 February 2010 15:26, David W. McSpadden  wrote:

  Ok so I am really stupid.  I have seen VMWare thrown around on this list but 
when I go to the VMWARE website there are hundreds of apps and none of them look 
like a ghosting utility for Windows machines?
  What/except everything/ am I missing??


  From: James Rankin 
  Sent: Friday, February 26, 2010 10:11 AM
  To: NT System Admin Issues 
  Subject: Re: Ghosting server 2003


  VMWare


  On 26 February 2010 15:08, David W. McSpadden  wrote:

What/if any software does everyone use to Ghost Windows Server 2003 
Standard??




 


  -- 
  "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."





 



 


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."





 


Re: Ghosting server 2003

2010-02-26 Thread David W. McSpadden
Ok so I am really stupid.  I have seen VMWare thrown around on this list but 
when I go to the VMWARE website there are hundreds of apps and none of them look 
like a ghosting utility for Windows machines?
What/except everything/ am I missing??


From: James Rankin 
Sent: Friday, February 26, 2010 10:11 AM
To: NT System Admin Issues 
Subject: Re: Ghosting server 2003


VMWare


On 26 February 2010 15:08, David W. McSpadden  wrote:

  What/if any software does everyone use to Ghost Windows Server 2003 Standard??




 


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."





 


Ghosting server 2003

2010-02-26 Thread David W. McSpadden
What/if any software does everyone use to Ghost Windows Server 2003 Standard??


Re: VPN anyconnect VNC

2010-02-22 Thread David W. McSpadden
Thanks.
I didn't create my cert from ASA.
I went to GoDaddy and imported to the ASA.
The cert seems ok.
I think maybe I need the MAC/OSx build for the anyconnect



From: Jon Harris 
Sent: Monday, February 22, 2010 12:39 PM
To: NT System Admin Issues 
Subject: Re: VPN anyconnect VNC


Sorry beyond telling you that there is a cert required I have never set up an 
iPhone for the AnyConnect only Windows systems.  I had to pull the cert and add 
them manually to them.  I never could get the autoload to work right.  I 
suspect it was how I had the firewall setup.

Jon


On Mon, Feb 22, 2010 at 12:26 PM, David W. McSpadden  wrote:

  Ok.  In the Safari browser on the Iphone I don’t see install cert only Accept 
it when I browse to them vpn site.
  also on the VPN settings of the phone cert is greyed out when I try to build 
a static VPN connection (If that is even possible.)




  From: Jon Harris 
  Sent: Monday, February 22, 2010 12:12 PM
  To: NT System Admin Issues 
  Subject: Re: VPN anyconnect VNC


  AnyConnect uses certs to verify connections to approved devices.

  Jon


  On Mon, Feb 22, 2010 at 11:53 AM, David W. McSpadden  wrote:

No?



From: Jon Harris 
Sent: Monday, February 22, 2010 11:40 AM
To: NT System Admin Issues 
Subject: Re: VPN anyconnect VNC


Have you imported the cert that the AnyConnect is using in to the IPhone?

Jon


On Mon, Feb 22, 2010 at 10:23 AM, David W. McSpadden  
wrote:

  Does anyone have VNC or RDP  going through the AnyConnect VPN using their 
IPhone???
  My Iphone gets stuck when I click on the Start AnyConnect button.



 










 



 












 



 








 


Re: VPN anyconnect VNC

2010-02-22 Thread David W. McSpadden
Ok.  In the Safari browser on the Iphone I don't see install cert only Accept 
it when I browse to them vpn site.
also on the VPN settings of the phone cert is greyed out when I try to build a 
static VPN connection (If that is even possible.)




From: Jon Harris 
Sent: Monday, February 22, 2010 12:12 PM
To: NT System Admin Issues 
Subject: Re: VPN anyconnect VNC


AnyConnect uses certs to verify connections to approved devices.

Jon


On Mon, Feb 22, 2010 at 11:53 AM, David W. McSpadden  wrote:

  No?



  From: Jon Harris 
  Sent: Monday, February 22, 2010 11:40 AM
  To: NT System Admin Issues 
  Subject: Re: VPN anyconnect VNC


  Have you imported the cert that the AnyConnect is using in to the IPhone?

  Jon


  On Mon, Feb 22, 2010 at 10:23 AM, David W. McSpadden  wrote:

Does anyone have VNC or RDP  going through the AnyConnect VPN using their 
IPhone???
My Iphone gets stuck when I click on the Start AnyConnect button.



 








 



 








 


Re: VPN anyconnect VNC

2010-02-22 Thread David W. McSpadden
No?



From: Jon Harris 
Sent: Monday, February 22, 2010 11:40 AM
To: NT System Admin Issues 
Subject: Re: VPN anyconnect VNC


Have you imported the cert that the AnyConnect is using in to the IPhone?

Jon


On Mon, Feb 22, 2010 at 10:23 AM, David W. McSpadden  wrote:

  Does anyone have VNC or RDP  going through the AnyConnect VPN using their 
IPhone???
  My Iphone gets stuck when I click on the Start AnyConnect button.



 






 


VPN anyconnect VNC

2010-02-22 Thread David W. McSpadden
Does anyone have VNC or RDP  going through the AnyConnect VPN using their 
IPhone???
My Iphone gets stuck when I click on the Start AnyConnect button.

Re: Microsoft training courses blocked

2010-02-18 Thread David W. McSpadden
The case where Microsoft can not sell Office because they are using some xml 
code that another company has the patent to???


--
From: "Steven M. Caesare" 
Sent: Thursday, February 18, 2010 12:13 PM
To: "NT System Admin Issues" 
Subject: RE: Microsoft training courses blocked


Any info on what XML case it was?

-sc


-Original Message-
From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, February 18, 2010 12:08 PM
To: NT System Admin Issues
Subject: Microsoft training courses blocked

I just got a phone call from our local training center that because 
Microsoft
lost the XML case, all courses involving software with XML have been 
blocked
until they can re-write the course.  No estimate on how long this is 
going to

last.  If you're already in the middle of a course you can continue it.
Otherwise we get to sit and wait...

Paul



Re: CISCO VPN Client

2010-02-18 Thread David W. McSpadden

Don't have any of those yet so I don't know how to work with them.


--
From: "Ray" 
Sent: Thursday, February 18, 2010 10:48 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client


We're starting to see some issues with Win7 64 clients connecting.

-----Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, February 18, 2010 8:19 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

The AnyConnect from Cisco uses a cert and is webbased, it is very easy to
work with and the users are happy with it.


--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 10:14 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client

Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch 
apps

because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to
switch apps because I'd be afraid they'd do the same thing. But I don't
know
the AnyConnect app either.

I seem to remember the VPN client could use certs as part of the auth. I
wonder if that feature could be utilized to block non-client access? I
haven't used the Cisco client for a year or so so I don't recall the
available options.


***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, February 18, 2010 7:59 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

They change every 20 or 30 hits.
Mostly out of country.
I started by setting up rules to block them but then I had
about 100 rules to block and it became an all day job.
Easier to move the authorized users to AnyConnect which is
supported and kill the VPN Client which has end of lifed anyway.


--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 9:54 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client

> Is there a way you can block the source IP(s) before they get to the
> VPN endpoint?
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>> -Original Message-
>> From: David W. McSpadden [mailto:dav...@imcu.com]
>> Sent: Thursday, February 18, 2010 7:45 AM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>> I have Kiwi Syslogger setup to email me every failed attempt to
>> authenticate through the VPN.
>> It went from 2 or 3 a day from lusers to 2500 to 5000 a day and all
>> accounts I don't have in AD and all originating from the VPN tunnel.
>> So disabling the tunnel didn't work, had to remove the reference to
>> the tunnel entirely.  Now we are back to 2 or 3 a day.
>>
>>
>> From: Bob Fronk <mailto:b...@btrfronk.com>
>> Sent: Thursday, February 18, 2010 9:25 AM
>> To: NT System Admin Issues
>> <mailto:ntsysadmin@lyris.sunbelt-software.com>
>> Subject: RE: CISCO VPN Client
>>
>>
>> How did you discover this was happening?
>>
>>
>>
>> From: David W. McSpadden [mailto:dav...@imcu.com]
>> Sent: Wednesday, February 17, 2010 1:30 PM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Ok.  I am looking at that area under Remote VPN in Configuration and
>> someone has my VPN Client info and they are trying a Brute Force
>> Vocab attack to my AD's.  So I have moved all my users to AnyConnect
>> and I am ready to remove the VPN Client from the ASA or disable it...
>>
>>
>>
>> From: Jon Harris <mailto:jk.har...@gmail.com>
>>
>> Sent: Wednesday, February 17, 2010 1:24 PM
>>
>> To: NT System Admin Issues
>> <mailto:ntsysadmin@lyris.sunbelt-software.com>
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Why are you getting rid of the VPN client?  You don't remove it you
>> disable it on the ASA.  Just make sure all the rules are correct for
>> the ASA first.
>>
>>
>>
>> Jon
>>
>> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden wrote:
>>
>>
>>
>> Actually on the ASA.  I think I have it found now but I am still
>> testing.
>>
>> From: Jon Harris <mailto:jk.har...@gmail.com>
>>
>> Sent: Wednesday, February 17, 2010 12:10 PM
>>
>> To: NT System Admin Issues
>> <mailto:ntsysadmin@lyris.sunbelt-software.com>
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Remove i

Re: CISCO VPN Client

2010-02-18 Thread David W. McSpadden
The AnyConnect from Cisco uses a cert and is webbased, it is very easy to 
work with and the users are happy with it.



--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 10:14 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client


Hmmm. Yeah; that's a lot of overhead. Seems a shame to have to switch apps
because of a bad guy. That's an effective DOS attack, eh? I'd hesitate to
switch apps because I'd be afraid they'd do the same thing. But I don't know
the AnyConnect app either.

I seem to remember the VPN client could use certs as part of the auth. I
wonder if that feature could be utilized to block non-client access? I
haven't used the Cisco client for a year or so so I don't recall the
available options.


***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
*******


-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, February 18, 2010 7:59 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

They change every 20 or 30 hits.
Mostly out of country.
I started by setting up rules to block them but then I had
about 100 rules to block and it became an all day job.
Easier to move the authorized users to AnyConnect which is
supported and kill the VPN Client which has end of lifed anyway.


--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 9:54 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client

> Is there a way you can block the source IP(s) before they get to the
> VPN endpoint?
>
> ***
> Charlie Kaiser
> charl...@golden-eagle.org
> Kingman, AZ
> ***
>
>> -Original Message-
>> From: David W. McSpadden [mailto:dav...@imcu.com]
>> Sent: Thursday, February 18, 2010 7:45 AM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>> I have Kiwi Syslogger setup to email me every failed attempt to
>> authenticate through the VPN.
>> It went from 2 or 3 a day from lusers to 2500 to 5000 a day and all
>> accounts I don't have in AD and all originating from the VPN tunnel.
>> So disabling the tunnel didn't work, had to remove the reference to
>> the tunnel entirely.  Now we are back to 2 or 3 a day.
>>
>>
>> From: Bob Fronk <mailto:b...@btrfronk.com>
>> Sent: Thursday, February 18, 2010 9:25 AM
>> To: NT System Admin Issues
>> <mailto:ntsysadmin@lyris.sunbelt-software.com>
>> Subject: RE: CISCO VPN Client
>>
>>
>> How did you discover this was happening?
>>
>>
>>
>> From: David W. McSpadden [mailto:dav...@imcu.com]
>> Sent: Wednesday, February 17, 2010 1:30 PM
>> To: NT System Admin Issues
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Ok.  I am looking at that area under Remote VPN in Configuration and
>> someone has my VPN Client info and they are trying a Brute Force
>> Vocab attack to my AD's.  So I have moved all my users to AnyConnect
>> and I am ready to remove the VPN Client from the ASA or disable it...
>>
>>
>>
>> From: Jon Harris <mailto:jk.har...@gmail.com>
>>
>> Sent: Wednesday, February 17, 2010 1:24 PM
>>
>> To: NT System Admin Issues
>> <mailto:ntsysadmin@lyris.sunbelt-software.com>
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Why are you getting rid of the VPN client?  You don't remove it you
>> disable it on the ASA.  Just make sure all the rules are correct for
>> the ASA first.
>>
>>
>>
>> Jon
>>
>> On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden wrote:
>>
>>
>>
>> Actually on the ASA.  I think I have it found now but I am still
>> testing.
>>
>> From: Jon Harris <mailto:jk.har...@gmail.com>
>>
>> Sent: Wednesday, February 17, 2010 12:10 PM
>>
>> To: NT System Admin Issues
>> <mailto:ntsysadmin@lyris.sunbelt-software.com>
>>
>> Subject: Re: CISCO VPN Client
>>
>>
>>
>> Remove it is the best, they install into the same root directory
>> under Program Files but have separate directories under that.  They
>> are separate programs as Microsoft sees them.
>>
>>
>>
>> Jon
>>
>> On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden wrote:
>>
>> Anyone point me on how to Disable the old CISCO VPN Client and leave
>> the AnyConnect still enabled?


Re: CISCO VPN Client

2010-02-18 Thread David W. McSpadden

They change every 20 or 30 hits.
Mostly out of country.
I started by setting up rules to block them but then I had about 100 rules 
to block and it became an all day job.  Easier to move the authorized users 
to AnyConnect which is supported and kill the VPN Client which has end of 
lifed anyway.



--
From: "Charlie Kaiser" 
Sent: Thursday, February 18, 2010 9:54 AM
To: "NT System Admin Issues" 
Subject: RE: CISCO VPN Client


Is there a way you can block the source IP(s) before they get to the VPN
endpoint?

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


-Original Message-
From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, February 18, 2010 7:45 AM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

I have Kiwi Syslogger setup to email me every failed attempt
to authenticate through the VPN.
It went from 2 or 3 a day from lusers to 2500 to 5000 a day
and all accounts I don't have in AD and all originating from
the VPN tunnel.
So disabling the tunnel didn't work, had to remove the
reference to the tunnel entirely.  Now we are back to 2 or 3 a day.


From: Bob Fronk <mailto:b...@btrfronk.com>
Sent: Thursday, February 18, 2010 9:25 AM
To: NT System Admin Issues
<mailto:ntsysadmin@lyris.sunbelt-software.com>
Subject: RE: CISCO VPN Client


How did you discover this was happening?



From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Wednesday, February 17, 2010 1:30 PM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client



Ok.  I am looking at that area under Remote VPN in
Configuration and someone has my VPN Client info and they are
trying a Brute Force Vocab attack to my AD's.  So I have
moved all my users to AnyConnect and I am ready to remove the
VPN Client from the ASA or disable it...



From: Jon Harris <mailto:jk.har...@gmail.com>

Sent: Wednesday, February 17, 2010 1:24 PM

To: NT System Admin Issues
<mailto:ntsysadmin@lyris.sunbelt-software.com>

Subject: Re: CISCO VPN Client



Why are you getting rid of the VPN client?  You don't remove
it you disable it on the ASA.  Just make sure all the rules
are correct for the ASA first.



Jon

On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden wrote:



Actually on the ASA.  I think I have it found now but I am
still testing.

From: Jon Harris <mailto:jk.har...@gmail.com>

Sent: Wednesday, February 17, 2010 12:10 PM

To: NT System Admin Issues
<mailto:ntsysadmin@lyris.sunbelt-software.com>

Subject: Re: CISCO VPN Client



Remove it is the best, they install into the same root
directory under Program Files but have separate directories
under that.  They are separate programs as Microsoft sees them.



Jon

On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden wrote:

Anyone point me on how to Disable the old CISCO VPN Client
and leave the AnyConnect still enabled?







































Re: CISCO VPN Client

2010-02-18 Thread David W. McSpadden
I have Kiwi Syslogger setup to email me every failed attempt to authenticate 
through the VPN.
It went from 2 or 3 a day from lusers to 2500 to 5000 a day and all accounts I 
don't have in AD and all originating from the VPN tunnel.
So disabling the tunnel didn't work, had to remove the reference to the tunnel 
entirely.  Now we are back to 2 or 3 a day.



From: Bob Fronk 
Sent: Thursday, February 18, 2010 9:25 AM
To: NT System Admin Issues 
Subject: RE: CISCO VPN Client


How did you discover this was happening?

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 1:30 PM
To: NT System Admin Issues
Subject: Re: CISCO VPN Client

 

Ok.  I am looking at that area under Remote VPN in Configuration and someone 
has my VPN Client info and they are trying a Brute Force Vocab attack to my 
AD's.  So I have moved all my users to AnyConnect and I am ready to remove the 
VPN Client from the ASA or disable it...

 

From: Jon Harris 

Sent: Wednesday, February 17, 2010 1:24 PM

To: NT System Admin Issues 

Subject: Re: CISCO VPN Client

 

Why are you getting rid of the VPN client?  You don't remove it you disable it 
on the ASA.  Just make sure all the rules are correct for the ASA first.

 

Jon

On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden  wrote:

 

Actually on the ASA.  I think I have it found now but I am still testing.

From: Jon Harris 

Sent: Wednesday, February 17, 2010 12:10 PM

To: NT System Admin Issues 

Subject: Re: CISCO VPN Client

 

Remove it is the best, they install into the same root directory under Program 
Files but have separate directories under that.  They are separate programs as 
Microsoft sees them.

 

Jon 

On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden  wrote:

Anyone point me on how to Disable the old CISCO VPN Client and leave the 
AnyConnect still enabled?
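
The pattern described in this thread (a jump from 2 or 3 failed VPN logins a day to thousands, all for accounts that do not exist in AD, from sources that change every 20 or 30 hits) can be checked directly from a syslog feed. The following is an added example, not code from the original posts; the log format, usernames, addresses and thresholds are constructed for illustration and are not actual ASA or Kiwi output.

```python
import re
from collections import Counter, defaultdict

# Constructed, simplified log format (an assumption, not real ASA/Kiwi output):
#   <date> <time> vpn-auth-fail user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ vpn-auth-fail "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def build_sample_log():
    """Constructed sample: one quiet day, then a rotating-source guessing run."""
    lines = [
        "2010-02-16 08:02:11 vpn-auth-fail user=jsmith src=192.0.2.10",
        "2010-02-16 13:40:55 vpn-auth-fail user=mjones src=192.0.2.44",
        "2010-02-16 17:05:03 vpn-auth-fail user=jsmith src=192.0.2.10",
    ]
    guesses = ["admin", "test", "backup", "oracle", "guest"]
    for i in range(2500):
        src = f"198.51.100.{i // 25 + 1}"      # new source every 25 attempts
        user = guesses[i % len(guesses)]       # names that are not in the directory
        stamp = f"{i // 3600:02d}:{i // 60 % 60:02d}:{i % 60:02d}"
        lines.append(f"2010-02-17 {stamp} vpn-auth-fail user={user} src={src}")
    return lines


def summarize(lines, directory_users, daily_baseline=10, block_after=10):
    """Per-day view of failed VPN logins.

    daily_baseline: failures per day considered normal (hypothetical value).
    block_after:    hits at which a per-source block rule would trigger
                    (hypothetical value).
    """
    known = {u.lower() for u in directory_users}
    per_day = defaultdict(lambda: {"failures": 0, "unknown": 0, "by_src": Counter()})

    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a failed-auth record
        day = per_day[m["date"]]
        day["failures"] += 1
        if m["user"].lower() not in known:
            day["unknown"] += 1
        day["by_src"][m["src"]] += 1

    report = {}
    for date, d in sorted(per_day.items()):
        by_src = d["by_src"]
        report[date] = {
            "failures": d["failures"],
            # Share of failures for accounts that do not exist at all:
            # near 0 for typos by real users, near 1 for wordlist guessing.
            "unknown_account_ratio": d["unknown"] / d["failures"],
            "distinct_sources": len(by_src),
            "max_hits_per_source": max(by_src.values()),
            # Attempts that still reach authentication if each source is
            # blocked only after `block_after` hits.
            "attempts_before_block": sum(min(c, block_after) for c in by_src.values()),
            "alert": d["failures"] > daily_baseline,
        }
    return report


if __name__ == "__main__":
    for date, row in summarize(build_sample_log(), {"jsmith", "mjones"}).items():
        print(date, row)
```

With the constructed data, the second day shows 100 distinct sources with at most 25 hits each, so a per-source block rule needs 100 entries and still lets 1000 attempts through.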

 

  

 

  

  

 

  

 


 


Re: SQL 2005 Mirroring

2010-02-17 Thread David W. McSpadden
Sweet.  The doc's I've been looking at keep talking about certs but none of 
them said what you just said.
Thank you.


From: Michael B. Smith 
Sent: Wednesday, February 17, 2010 4:28 PM
To: NT System Admin Issues 
Subject: RE: SQL 2005 Mirroring


You have to run mirroring from an account that has network access privileges - 
which local system doesn't.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 3:08 PM
To: NT System Admin Issues
Subject: Re: SQL 2005 Mirroring

 

Does having SQL running from local system instead of "sa" account sound obvious 
to you?

 

From: Michael B. Smith 

Sent: Wednesday, February 17, 2010 2:38 PM

To: NT System Admin Issues 

Subject: RE: SQL 2005 Mirroring

 

There are metric buttloads of potential issues with a 1418 error.

 

I'd start on google and just work down the page.

 

"sql mirror error 1418"

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 2:33 PM
To: NT System Admin Issues
Subject: Re: SQL 2005 Mirroring

 

Just using general names for the forum.

domain\appsa account = sa account to me.

Sorry for being vague.

 

 

From: Michael B. Smith 

Sent: Wednesday, February 17, 2010 2:09 PM

To: NT System Admin Issues 

Subject: RE: SQL 2005 Mirroring

 

The SA account?

 

You should be in a domain using windows auth, ne?

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 1:15 PM
To: NT System Admin Issues
Subject: Re: SQL 2005 Mirroring

 

Having trouble communicating between the witness, publisher, and subscriber...

I can connect to thru Management Console to the SA account on all three but 
when I start up Mirroring I get a 1418 error??

 

 

From: Michael B. Smith 

Sent: Wednesday, February 17, 2010 12:04 PM

To: NT System Admin Issues 

Subject: RE: SQL 2005 Mirroring

 

Yes. It rocks REALLY hard. 

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 11:52 AM
To: NT System Admin Issues
Cc: NT System Admin Issues
Subject: SQL 2005 Mirroring

 

Anyone have this set up and working?

 

  

  

  

  

  

  

 


 


Re: SQL 2005 Mirroring

2010-02-17 Thread David W. McSpadden
Does having SQL running from local system instead of "sa" account sound obvious 
to you?


From: Michael B. Smith 
Sent: Wednesday, February 17, 2010 2:38 PM
To: NT System Admin Issues 
Subject: RE: SQL 2005 Mirroring


There are metric buttloads of potential issues with a 1418 error.

 

I'd start on google and just work down the page.

 

"sql mirror error 1418"

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 2:33 PM
To: NT System Admin Issues
Subject: Re: SQL 2005 Mirroring

 

Just using general names for the forum.

domain\appsa account = sa account to me.

Sorry for being vague.

 

 

From: Michael B. Smith 

Sent: Wednesday, February 17, 2010 2:09 PM

To: NT System Admin Issues 

Subject: RE: SQL 2005 Mirroring

 

The SA account?

 

You should be in a domain using windows auth, ne?

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 1:15 PM
To: NT System Admin Issues
Subject: Re: SQL 2005 Mirroring

 

Having trouble communicating between the witness, publisher, and subscriber...

I can connect to thru Management Console to the SA account on all three but 
when I start up Mirroring I get a 1418 error??

 

 

From: Michael B. Smith 

Sent: Wednesday, February 17, 2010 12:04 PM

To: NT System Admin Issues 

Subject: RE: SQL 2005 Mirroring

 

Yes. It rocks REALLY hard. 

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 11:52 AM
To: NT System Admin Issues
Cc: NT System Admin Issues
Subject: SQL 2005 Mirroring

 

Anyone have this set up and working?

 

  

  

  

  

 


 


Re: SQL 2005 Mirroring

2010-02-17 Thread David W. McSpadden
Just using general names for the forum.
domain\appsa account = sa account to me.
Sorry for being vague.



From: Michael B. Smith 
Sent: Wednesday, February 17, 2010 2:09 PM
To: NT System Admin Issues 
Subject: RE: SQL 2005 Mirroring


The SA account?

 

You should be in a domain using windows auth, ne?

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 1:15 PM
To: NT System Admin Issues
Subject: Re: SQL 2005 Mirroring

 

Having trouble communicating between the witness, publisher, and subscriber...

I can connect to thru Management Console to the SA account on all three but 
when I start up Mirroring I get a 1418 error??

 

 

From: Michael B. Smith 

Sent: Wednesday, February 17, 2010 12:04 PM

To: NT System Admin Issues 

Subject: RE: SQL 2005 Mirroring

 

Yes. It rocks REALLY hard. 

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 11:52 AM
To: NT System Admin Issues
Cc: NT System Admin Issues
Subject: SQL 2005 Mirroring

 

Anyone have this set up and working?

 

  

  

 


 


Re: CISCO VPN Client

2010-02-17 Thread David W. McSpadden
Ok.  I am looking at that area under Remote VPN in Configuration and someone 
has my VPN Client info and they are trying a Brute Force Vocab attack to my 
AD's.  So I have moved all my users to AnyConnect and I am ready to remove the 
VPN Client from the ASA or disable it...


From: Jon Harris 
Sent: Wednesday, February 17, 2010 1:24 PM
To: NT System Admin Issues 
Subject: Re: CISCO VPN Client


Why are you getting rid of the VPN client?  You don't remove it you disable it 
on the ASA.  Just make sure all the rules are correct for the ASA first.

Jon


On Wed, Feb 17, 2010 at 1:13 PM, David W. McSpadden  wrote:


  Actually on the ASA.  I think I have it found now but I am still testing.

  From: Jon Harris 
  Sent: Wednesday, February 17, 2010 12:10 PM
  To: NT System Admin Issues 
  Subject: Re: CISCO VPN Client


  Remove it is the best, they install into the same root directory under 
Program Files but have separate directories under that.  They are separate 
programs as Microsoft sees them.

  Jon 


  On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden  wrote:

Anyone point me on how to Disable the old CISCO VPN Client and leave the 
AnyConnect still enabled?



 








 



 








 


Re: SQL 2005 Mirroring

2010-02-17 Thread David W. McSpadden
Having trouble communicating between the witness, publisher, and subscriber...
I can connect to thru Management Console to the SA account on all three but 
when I start up Mirroring I get a 1418 error??



From: Michael B. Smith 
Sent: Wednesday, February 17, 2010 12:04 PM
To: NT System Admin Issues 
Subject: RE: SQL 2005 Mirroring


Yes. It rocks REALLY hard. 

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Wednesday, February 17, 2010 11:52 AM
To: NT System Admin Issues
Cc: NT System Admin Issues
Subject: SQL 2005 Mirroring

 

Anyone have this set up and working?

 

 


 


Re: CISCO VPN Client

2010-02-17 Thread David W. McSpadden

Actually on the ASA.  I think I have it found now but I am still testing.

From: Jon Harris 
Sent: Wednesday, February 17, 2010 12:10 PM
To: NT System Admin Issues 
Subject: Re: CISCO VPN Client


Remove it is the best, they install into the same root directory under Program 
Files but have separate directories under that.  They are separate programs as 
Microsoft sees them.

Jon 


On Wed, Feb 17, 2010 at 8:07 AM, David W. McSpadden  wrote:

  Anyone point me on how to Disable the old CISCO VPN Client and leave the 
AnyConnect still enabled?



 






 


SQL 2005 Mirroring

2010-02-17 Thread David W. McSpadden
Anyone have this set up and working?

CISCO VPN Client

2010-02-17 Thread David W. McSpadden
Anyone point me on how to Disable the old CISCO VPN Client and leave the 
AnyConnect still enabled?

Re: building a new server

2010-01-21 Thread David W. McSpadden
Damn it I am so stupid most of the time.


From: Steve Ens 
Sent: Thursday, January 21, 2010 12:28 PM
To: NT System Admin Issues 
Subject: Re: building a new server


Like the others, it is a controller driver, but funny that the new OS's don't 
have those drivers built in yet.


On Thu, Jan 21, 2010 at 11:16 AM, David W. McSpadden  wrote:

   I have a DL320 G5 with SATA Raid controller and two 160GB drives.  I want to 
mirror them and I did that through the BIOS. I boot and see 1 logical disk but 
when windows Cd boots it says no valid drive was found???
  What am I doing wrong???




 






 


building a new server

2010-01-21 Thread David W. McSpadden
 I have a DL320 G5 with SATA Raid controller and two 160GB drives.  I want to 
mirror them and I did that through the BIOS. I boot and see 1 logical disk but 
when windows Cd boots it says no valid drive was found???
What am I doing wrong???


Re: Windows 7 Scheduled Task

2010-01-21 Thread David W. McSpadden
I have looked through most of them.  I killed the EasyShare ones and the 
msfeedsync ones but left the rest.  I haven't had any classes on 7 yet but it 
would be nice to have a notification that scheduled task xxx ran at 1:00 am and 
completed successfully then have the radio button to show in the future.  That 
way I would be able to say that I knew the pc was updating at 1:00 am and it 
wasn't a rogue process accessing the internet...
Does that make sense.  I don't disagree it is a great place for it and gives me 
a place to look now that I know about it but something should be said someplace 
right???



From: Steven M. Caesare 
Sent: Thursday, January 21, 2010 12:00 PM
To: NT System Admin Issues 
Subject: RE: Windows 7 Scheduled Task


Egads. Ditto.

 

Altho I have to say I like the fact that the OS (and things like antimalware) 
are using the task scheduler as a common dispatch point, rather than processes 
running amok everywhere doing their own thing.

 

-sc

 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Thursday, January 21, 2010 11:37 AM
To: NT System Admin Issues
Subject: RE: Windows 7 Scheduled Task

 

I just looked at mine for the first time. There's a c...@pload listed under 
Windows and a few for Apple and Google software.

 

HTH,

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com

 

From: David W. McSpadden [mailto:dav...@imcu.com] 
Sent: Thursday, January 21, 2010 11:31 AM
To: NT System Admin Issues
Subject: Windows 7 Scheduled Task

 

Has anyone looked at all the Scheduled Tasks in Windows 7 Pro??

I have a ton of tasks I have never scheduled and I am just wondering when and 
how they were set up???

 

  

 


 


Windows 7 Scheduled Task

2010-01-21 Thread David W. McSpadden
Has anyone looked at all the Scheduled Tasks in Windows 7 Pro??
I have a ton of tasks I have never scheduled and I am just wondering when and 
how they were set up???

Re: This is fairly scary...

2010-01-16 Thread David W. McSpadden
I work for a credit union and we have seen these but the really scary
skimmers are your waiters and waitresses. They have full access to
your card and code from the back of your card.

Sent from my iPhone

On Jan 15, 2010, at 11:35 PM, Kurt Buff  wrote:

> I knew about skimmers, but this is going to a whole new level.
>
> Wow.
>
> On Fri, Jan 15, 2010 at 20:25, Angus Scott-Fleming  > wrote:
>> You want scary on a Friday evening?  Check this out.  Talk about the perfect
>> bank-account-looting tool - it captures your card info AND your PIN and
>> texts them to the bad guys immediately.  I don't know if I could have
>> detected this hacked ATM.  Scary!  Pix were taken by Mikko Hypponen of
>> F-Secure:
>> ATM main view: http://twitpic.com/4pko1
>> ATM close-up of the slot: http://twitpic.com/4pkn3
>> ATM showing capture camera (in phone): http://twitpic.com/4pknu
>> ATM slot skimming device: http://twitpic.com/4pkmn
>> ATM closeup of phone & batts: http://twitpic.com/4pkmj
>> Here's another skimming device that was mounted on a Citibank ATM:
>>   Would You Have Spotted the Fraud? — Krebs on Security
>>   http://www.krebsonsecurity.com/2010/01/would-you-have-spotted-the-fraud/
>> Pictured below is what's known as a skimmer, or a device made to be affixed
>> to the mouth of an ATM machine and secretly swipe credit and debit card
>> information when bank customers slip their cards into the machines to pull
>> out money. Skimmers have been around for years, of course, but thieves are
>> constantly improving them, and the device pictured below is a perfect example
>> of that evolution.
>> This particular skimmer was found Dec. 6, 2009, attached to the front of a
>> Citibank ATM in Woodland Hills, Calif. Would you have been able to spot
>> this?
>>
>>
>> --
>> Angus Scott-Fleming
>> GeoApps, Tucson, Arizona
>> 1-520-895-3270
>> ~!
>>
>>
>>
>>
>>
>



Stop 0x7b

2010-01-14 Thread David W. McSpadden
How do I boot into a Windows 2000 server that is getting a 0x7b error?


Process Monitor

2010-01-07 Thread David W. McSpadden
I read the procmon would show me the access rights to a file so I could lock a 
server/computer down to the minimum required perms.  I have it downloaded and 
running but I don't see anything about perms???